this post was submitted on 16 Feb 2026
34 points (85.4% liked)

Ask Lemmy

37874 readers
1391 users here now

A Fediverse community for open-ended, thought provoking questions

Rules: (interactive)

1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them

2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?

3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.

4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].

5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.

6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online

Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija

Logo design credit goes to: tubbadu

founded 2 years ago
MODERATORS
Bluetreefrog@lemmy.world
TheSaneWriter@lemm.ee
TheSaneWriter@lemmy.thesanewriter.com
Asudox@lemmy.world
lemmy_bot@lemmy.world
beefbaby182@lemmy.world
ModeratorCan@lemmy.world
neidu3@sh.itjust.works
asudox@lemmy.asudox.dev
candyman337@lemmy.world
candyman337@sh.itjust.works
34
What's the thing you have deep knowledge of but never find a place to bring it up? (lemmy.world)
submitted 2 days ago by setsneedtofeed@lemmy.world to c/asklemmy@lemmy.world
38 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Newsteinleo@infosec.pub 6 points 1 day ago (2 children)

IT compliance regulations, even IT people's eyes glaze over at the topic.

[–] Prancingpotato@lemmy.world 2 points 13 hours ago (1 children)

Oh hey, I'm an IT auditor, I work on Sox clients during half the year. That really is an obscure topic, but I'm not sure I want to discuss it outside of work !

[–] AA5B@lemmy.world 1 points 2 hours ago* (last edited 2 hours ago)

Seriously, I’d tune in. We have protocols “for Sox compliance”, but I’ve never been privy to an audit so have no idea if they’re effective.

As a DevSecOps professional, I may have opportunities to make compliance easier or more effective, if I knew how they worked or had any feedback

Edit: I love the idea of ComplianceAsCode mentioned here, and hadn’t read of it before but it looks all about infrastructure while I’m all about product builds

[–] fruitycoder@sh.itjust.works 2 points 15 hours ago (3 children)

Do we have lemmy community for IT compliance? Id actually kind of enjoy that.

What kinds do you deal with? CISA, HIPPA, PCI DSS, etc?

[–] redsand@infosec.pub 2 points 11 hours ago (1 children)

HIPPA is so strange in how much and how little it matters at the same time. Often in the same email.

[–] fruitycoder@sh.itjust.works 2 points 8 hours ago (1 children)

HIPPA honestly falls into the data protection pillar of zetotrust to me, and my experence in that space was people just got overwhelmed by it. Like old school ip/port security people can wrapped their heads around, but try to introduce the concept that data should accessed just in time of use by authorized people that need to use it and otherwise it should made technically infeasable (i.e. encryption), and bamm they lost all concept.

Like its hard, for sure, but even a little closer to the goal is better then nothing people!

from an org too the incentives are just wack, they almost want enough effort to appear they are doing something to accredited or pass audit but the consequences for the people affected are just way higher then any org has to deal with.

[–] redsand@infosec.pub 1 points 7 hours ago

And there's so much low hanging fruit from end users or whole departments that have their IT managed separately by a 3rd party(occasionally doctors)

[–] nomecks@lemmy.wtf 4 points 14 hours ago

ISO27001 gang

[–] Newsteinleo@infosec.pub 3 points 15 hours ago (2 children)

Right now I suffer through SOX. I would like to be doing stuff with CMMC and NIST SP 800-171.

[–] deeferg@lemmy.ca 1 points 8 hours ago

Yup, the eye glazing has begun while reading this thread. The world needs people like you so people like me don't have to cock it all up

[–] fruitycoder@sh.itjust.works 1 points 8 hours ago

I got to listen to a major university talk about getting theit super compute enviroment CMMCed. They sounded like a war vet and still not sure they even got it handlef fully unfortunatly. Though compliance and compSci lab is a hostile mix to handle.

Honestly following CISA, and DISA STIGs seems easier but those are for more descrete systems versus whole IT networks.

Are their anythings like the ComplianceAsCode project for SOX or is it more orginizational compliance?