Staying on top of compliance requirements is crucial for organizations to protect sensitive data and maintain the trust of their stakeholders. As we dive into 2024, several important compliance deadlines loom on the horizon. In this article, we'll explore the top upcoming deadlines for cybersecurity compliance and what organizations need to do to prepare.
PCI DSS v4.0 Phase 1 - March 31, 2024
PCI DSS v3.2.1 will officially retire on March 31, 2024, and PCI DSS v4.0 will become the only active version. Until then, v3.2.1 and v4.0 are active while organizations transition. Once PCI DSS v4.0 becomes the official standard, the countdown begins for the final deadline to comply with the new requirements, which will be a year later on March 31, 2025. While the deadline may seem a ways away, it is critical for organizations to begin implementing the new controls as soon as possible.
Related Read: PCI DSS v4.0 At A Glance: The Vital Role of Integrity Management
Source: https://blog.pcisecuritystandards.org/countdown-to-pci-dss-v4.0
Download the solution brief for more information on achieving and maintaining compliance and see how CimTrak aligns with 50+ PCI DSS v4.0 controls.
SEC Cybersecurity Disclosure Rules for Smaller Reporting Companies - June 31, 2025
On July 26, 2023, the Securities and Exchange Commission adopted new rules to address two main aspects of cybersecurity risk in public companies: cybersecurity risk management and incident disclosure. Under the ruling, all publicly traded companies are mandated to disclose information regarding cybersecurity risk, management, strategy, and governance on an annual basis.
Related Read: SEC Cybersecurity Ruling - What to Know and How to Prepare
The final rule requiring businesses to begin reporting on a material cybersecurity incident within four business days of determination became effective on September 5, 2023. Large reporting companies were required to comply by December 18, 2023, while smaller reporting companies were given an additional 180 days to comply with Item 1.05 of Form 8-K, and that deadline is coming up quickly in Q2, June 31, 2024.
For more information on the ruling and how CimTrak can help smaller reporting companies simplify audits, download the solution brief or speak with an expert today.
Zero Trust - September 30, 2024
In May 2021, the White House released an executive order mandating a shift to Zero Trust principles. The order focused on expanding several cybersecurity capabilities for government agencies and, in tandem, raised awareness of Zero Trust principles across a broader audience. Since the release of the executive order, the White House issued a memorandum in January 2022 for a Federal Zero Trust Architecture (ZTA) strategy requiring federal agencies, and potentially other organizations that work with government agencies, to meet specific cybersecurity standards and objectives by the end of Fiscal Year 2024.
Related Read: ANSWERED: How To Implement Zero Trust in Your Organization
The specific Zero Trust security goals required of federal agencies directly align with the five pillars outlined in the Cybersecurity and Infrastructure Security Agency's (CISA) Zero Trust Maturity Model. Executive Order 14028 originally required agencies to develop their own plans for implementing a Zero Trust Architecture. Agencies now must build upon their ZTA plans to incorporate the 19 additional tasks required by the memorandum.
For more information on adopting a Zero Trust strategy, download The Missing Components of Zero Trust today.
CMMC 2.0 - Now to October 2025
The Department of Defense (DoD) is set to roll out CMMC 2.0, which follows NIST 800-171 standards more closely than the first version, requiring defense contractors and subcontractors to brush up on NIST guidelines. In fact, organizations should be working on CMMC implementation plans as soon as possible, as NIST 800-171 is a current requirement. While, as of May 2023, a phased implementation of CMMC 2.0 is already in place, some DoD contractors are beginning to require subcontractors to demonstrate compliance now, prior to the final deadline looming in October 2025.
Related Read: How to Prepare for a CMMC Audit
As organizations are preparing their implementation process, one of the most notable changes in CMMC 2.0 is the elimination of security levels two and four, effectively reducing the number of security tiers from five to three, further aligning with NIST requirements. Meeting the objectives of CMMC 2.0 may become a moving target in the coming months as NIST 800-171 r3 is finalized in the spring.
Source: https://dodcio.defense.gov/CMMC/Model/
For more information on how CimTrak can help your organization prepare for a CMMC audit and maintain CMMC compliance over time, along with the changes in NIST 800-171 r2 to r3, download CMMC 2.0: Streamlining Cybersecurity Requirements for Defense Contractors today!
Get Started
The imminent deadlines for PCI DSS v4.0, SEC cybersecurity requirements, Zero Trust, and CMMC 2.0 encourage organizations to strengthen their cybersecurity measures. Leveraging advanced solutions like CimTrak is crucial for organizations looking to achieve seamless compliance.
For detailed insights on navigating these compliance deadlines, download our resources or speak to one of our security experts.
