Building Better GRC Habits: Why 2025 Is the Year To Embrace Continuous Controls Monitoring January 30, 2025 | By J. Travis Howerton Every January, we commit to building better habits. We buy gym memberships, download meditation apps, or swear to finally learn that new language. But here’s a thought: how well are our organizations carrying…
Digitizing NRC 5.71: A Step Towards Seamless Compliance for the Nuclear Industry January 2, 2025 | By J. Travis Howerton Digitizing the NRC 5.71 Cyber Security Program in RegScale In an era where cyber threats are growing more sophisticated, organizations in regulated industries face increasing challenges in maintaining robust cybersecurity programs. For organizations under the…
The Hidden Costs of Manual GRC in a Cloud-First World October 30, 2024 | By J. Travis Howerton Rethinking GRC: Navigating Challenges in a Cloud-Native World Before I joined RegScale, I was a big buyer of legacy GRC tools. I won’t name any particular tools, but most of them featured 20-year-old approaches and “automation” in…
FedRAMP Loves Compliance as Code: Insights from the OMB’s Recent Memo July 26, 2024 | By J. Travis Howerton Today, July 26, 2024, the Office of Management and Budget (OMB) released a memo on their plans to modernize the FedRAMP program titled Modernizing the Federal Risk and Authorization Management Program (FedRAMP). This memorandum rescinds the Federal…
Thriving in 2030: The future of compliance and risk management June 18, 2024 | By J. Travis Howerton RegScale CEO Travis Howerton recently contributed an insightful byline to Security Magazine, “Thriving in 2030: The Future of Compliance and Risk Management.” This article details the future landscape of compliance and risk management as we approach 2030….
The reality is that GRC tools still serve a valuable function for compliance and risk, but the “how” they do it no longer works for most companies. What the world needs now is Continuous Controls Monitoring (CCM). The CCM approach extends beyond legacy GRC to provide real-time insights via automation, data-driven governance, and proactive risk mitigation.
Until recently, FedRAMP (Federal Risk and Authorization Management Program) certification was an Executive Branch mandate, but now that it has become law, it legally stands between cloud service providers (CSPs) and government revenue.
As of February 25, 2023, RegScale has announced that we officially support the NIST Special Publication 800-218 Revision 1 as a catalog within our platform for building secure software systems based on best practices from NIST.
As of February 19, 2023, RegScale has announced that we officially support the Australian ISM as a catalog within our platform with automated tools/wizards for building security plans for Australian information systems.
As of February 2, 2023, RegScale has announced that we officially support the Cyber Security and Infrastructure Security Agency (CISA) CPG as a catalog within our platform with automated tools/wizards for building security plans for Critical Infrastructure Programs.