LakeRidge Blog

Compliance guides, checklists & news

Practical, control-by-control guidance for CMMC, NIST SP 800-171, HIPAA, ISO 27001 and NCA ECC — written by the team that gets companies certified.

What Should a USB Drive Policy Template Include?

Cybersecurity ·Jul 2026

What Should a USB Drive Policy Template Include?

A usb drive policy template should define approved devices, access rules, encryption, transport, disposal, exceptions, and review requirements.

What Should a Microsoft 365 Tabletop Exercise Test? (2-7-3)

Cybersecurity ·Jul 2026

What Should a Microsoft 365 Tabletop Exercise Test? (2-7-3)

Learn what to test in a microsoft 365 tabletop exercise, including data handling decisions, incident actions, owners, and evidence.

What Security Policies Does a Dental Office Need First? (2 Hours)

HIPAA ·Jul 2026

What Security Policies Does a Dental Office Need First? (2 Hours)

Use this dental office security policies checklist to document the first HIPAA Security Rule policies in two focused hours.

What Office Security KPIs Should You Track in BigQuery?

Cybersecurity ·Jul 2026

What Office Security KPIs Should You Track in BigQuery?

Track office security kpis BigQuery metrics for access reviews, visitor records, facility issues, and evidence of ISO 27001 control performance.

What Is a Logging RACI Matrix for IT, HR, Legal and Leadership?

Cybersecurity ·Jul 2026

What Is a Logging RACI Matrix for IT, HR, Legal and Leadership?

Define logging raci matrix roles so IT, HR, Legal, security, and leaders can assign ownership for producing, protecting, and reviewing logs.

What Is a Business Associate Agreement for a Cloud Backup Vendor?

HIPAA ·Jul 2026

What Is a Business Associate Agreement for a Cloud Backup Vendor?

Learn when a business associate agreement cloud backup vendor is required, what HIPAA terms it needs, and what proof buyers expect.

What Is a 30-Day Plan to Fix Missing App Security Requirements? (1-6-3)

Cybersecurity ·Jul 2026

What Is a 30-Day Plan to Fix Missing App Security Requirements? (1-6-3)

Use this 30 day plan for application security requirements to document controls, test applications, harden releases, and produce ECC 1-6-3 evidence.

What GitHub Reports Prove Source Code Access Is Controlled?

Cybersecurity ·Jul 2026

What GitHub Reports Prove Source Code Access Is Controlled?

github reports source code access audit evidence shows who can access repositories, what permissions they hold, and how access changes are reviewed.

What Evidence Do Auditors Need From SharePoint Version History?

HIPAA ·Jul 2026

What Evidence Do Auditors Need From SharePoint Version History?

SharePoint version history audit evidence shows auditors who changed ePHI, when prior copies were preserved, and how integrity controls are tested.

What Does Workstation Security Cost Per Clinic?

HIPAA ·Jul 2026

What Does Workstation Security Cost Per Clinic?

The workstation security cost per clinic typically runs $500–$1,100 per worker in year one; see a 50-person budget, ROI, and breakeven math.

What Does Compliant Scanning Look Like in Microsoft Defender? (SI.L2-3.14.5)

Cybersecurity ·Jul 2026

What Does Compliant Scanning Look Like in Microsoft Defender? (SI.L2-3.14.5)

See how cmmc microsoft defender compliant file scanning meets SI.L2-3.14.5 with defined periodic scans and real-time external-file protection.

What Do Background Checks Cost per Employee? (PS.L2-3.9.1)

Cybersecurity ·Jul 2026

What Do Background Checks Cost per Employee? (PS.L2-3.9.1)

Estimate background check cost per employee CMMC at $95–$200 in year one, then calculate the budget, avoided-loss ROI, and buy-versus-build threshold.

What Counts as a Reportable Phishing Incident? (IR.L2-3.6.2)

Cybersecurity ·Jul 2026

What Counts as a Reportable Phishing Incident? (IR.L2-3.6.2)

Define a cmmc reportable phishing incident and show how to track, document, and notify the right people for CMMC Level 2.

What Contract Clauses Require 24-Hour Incident Reports?

Cybersecurity ·Jul 2026

What Contract Clauses Require 24-Hour Incident Reports?

Use contract clauses for 24-hour incident reporting to bind vendors and subcontractors to fast notice, evidence preservation, and audit rights.

What Clear Desk KPIs Should IT Managers Track Monthly?

Cybersecurity ·Jul 2026

What Clear Desk KPIs Should IT Managers Track Monthly?

Use clear desk kpis to track monthly to prove ISO 27001 clear desk and clear screen enforcement with audit-ready evidence and trends.

What Clauses Require Annual Subcontractor Security Reviews?

HIPAA ·Jul 2026

What Clauses Require Annual Subcontractor Security Reviews?

Use a hipaa annual subcontractor security review clause to require documented yearly reviews, evidence, audit access, and remediation rights.

What Are the Minimum Identity Checks for Health Records? 2-Hour Baseline

HIPAA ·Jul 2026

What Are the Minimum Identity Checks for Health Records? 2-Hour Baseline

Establish minimum identity checks for health records in two hours with HIPAA §164.312(d) evidence an auditor can test.

What Are Patient Data Email Requirements in Microsoft 365?

HIPAA ·Jul 2026

What Are Patient Data Email Requirements in Microsoft 365?

Understand hipaa email requirements microsoft 365: secure patient data in transit, apply encryption when appropriate, and document safeguards.

What a Payroll Fraud Postmortem Taught Us About Dual Approval

Cybersecurity ·Jul 2026

What a Payroll Fraud Postmortem Taught Us About Dual Approval

A payroll fraud dual approval postmortem shows why independent review, separated permissions, and audit evidence stop payment diversion.

Using Azure Key Vault HSM for High-Sensitivity Data (2-8-3)

Cybersecurity ·Jul 2026

Using Azure Key Vault HSM for High-Sensitivity Data (2-8-3)

Azure Key Vault Managed HSM configuration secures high-sensitivity keys with HSM-backed generation, rotation, access control, and ECC 2-8-3 evidence.

Ultimate Guide to CUI Subcontractor Transfers (AC.L2-3.1.3)

Cybersecurity ·Jul 2026

Ultimate Guide to CUI Subcontractor Transfers (AC.L2-3.1.3)

Meet CUI subcontractor transfer requirements by authorizing, encrypting, documenting, and enforcing every approved CUI data flow.

The Ultimate Guide to ePHI Workstation Security (164.310(c))

HIPAA ·Jul 2026

The Ultimate Guide to ePHI Workstation Security (164.310(c))

Understand hipaa workstation security requirements under 164.310(c), with remote-work safeguards, implementation steps, a checklist, and FAQs.

SIEM vs IDS: Which Does a Small Business Need First?

Cybersecurity ·Jul 2026

SIEM vs IDS: Which Does a Small Business Need First?

siem vs ids for small business: start with a managed SIEM for broad monitoring, then add IDS when network-specific detection is needed.

Security Alert vs Incident: Close Defender False Positives (IR.L2-3.6.2)

Cybersecurity ·Jul 2026

Security Alert vs Incident: Close Defender False Positives (IR.L2-3.6.2)

Understand microsoft defender alert vs incident: close benign Defender detections, document true incidents, and meet CMMC IR.L2-3.6.2 reporting.

Rippling vs BambooHR for Disciplinary Cases: Pricing by Size

Cybersecurity ·Jul 2026

Rippling vs BambooHR for Disciplinary Cases: Pricing by Size

Rippling vs BambooHR disciplinary case pricing by company size: compare costs, audit evidence, and the best ISO 27001 fit.

PowerShell Script Policy Template for IT Teams (SC.L2-3.13.13)

Cybersecurity ·Jul 2026

PowerShell Script Policy Template for IT Teams (SC.L2-3.13.13)

Use this powershell script policy template to authorize, restrict, monitor, and document PowerShell use for CMMC Level 2 assessments.

OneTrust vs LogicGate for vendor breaches: pricing tiers & size fit

HIPAA ·Jul 2026

OneTrust vs LogicGate for vendor breaches: pricing tiers & size fit

Compare onetrust vs logicgate vendor breach pricing tiers, size fit, and evidence workflows for HIPAA business-associate breach response.

How to Turn an Excel Asset List Into a Compliant Register

Cybersecurity ·Jul 2026

How to Turn an Excel Asset List Into a Compliant Register

A practical ISO 27001 playbook to migrate excel asset list to compliant asset register, assign owners, preserve evidence, and validate control 5.9.

How to Set ChromeOS Screen Lock: Devices > Chrome > Settings

HIPAA ·Jul 2026

How to Set ChromeOS Screen Lock: Devices > Chrome > Settings

Learn how to set ChromeOS screen lock Google Admin console settings to require timely locking and password-protected access on managed devices.

How to Run a Tabletop Exercise for a Stolen EHR Badge

HIPAA ·Jul 2026

How to Run a Tabletop Exercise for a Stolen EHR Badge

Run a stolen EHR badge tabletop exercise to test identity verification, revoke access, preserve evidence, and improve HIPAA response decisions.

How to Move from Ad Hoc Offboarding to a 30-Day Exit Plan

Cybersecurity ·Jul 2026

How to Move from Ad Hoc Offboarding to a 30-Day Exit Plan

Learn how to create a 30 day employee exit plan with a practical migration path, cutover runbook, evidence, and ISO 27001 controls.

How to Monitor Outsourced Developers: Azure Monitor > Activity Log

Cybersecurity ·Jul 2026

How to Monitor Outsourced Developers: Azure Monitor > Activity Log

Use azure monitor outsourced developers activity log to export, alert on, and retain contractor Azure changes for ISO 27001 8.30 evidence.

How to Fix Shared Dentrix Logins After an Audit Finding

HIPAA ·Jul 2026

How to Fix Shared Dentrix Logins After an Audit Finding

Learn how to fix shared Dentrix logins audit finding with unique accounts, access cleanup, evidence, and repeatable HIPAA controls.

How to Fix Overbroad Google Cloud IAM Roles After an Audit

HIPAA ·Jul 2026

How to Fix Overbroad Google Cloud IAM Roles After an Audit

Learn how to fix overbroad google cloud iam roles audit finding with scoped replacements, validation evidence, and repeatable review controls.

How to Build a Google Workspace Mobile Device Compliance Dashboard (AC.L2-3.1.18)

Cybersecurity ·Jul 2026

How to Build a Google Workspace Mobile Device Compliance Dashboard (AC.L2-3.1.18)

Build a Google Workspace mobile device compliance dashboard with KPI targets, data sources, and reporting evidence for CMMC AC.L2-3.1.18.

How to Automate Entra Named Locations with PowerShell (2-5-3)

Cybersecurity ·Jul 2026

How to Automate Entra Named Locations with PowerShell (2-5-3)

Learn how to automate entra named locations powershell with idempotent Microsoft Graph scripts, approvals, logging, and rollback controls.

Google Workspace NDA Requirements: The Ultimate Guide

Cybersecurity ·Jul 2026

Google Workspace NDA Requirements: The Ultimate Guide

Google workspace nda requirements: document, sign, review, and retain confidentiality agreements for users who access sensitive information.

Google Workspace Audit Log Timestamp Clause Template (AU.L2-3.3.7)

Cybersecurity ·Jul 2026

Google Workspace Audit Log Timestamp Clause Template (AU.L2-3.3.7)

Use this google workspace audit log timestamp clause template to require synchronized audit timestamps from subcontractors supporting CMMC Level 2 work.

Google Cloud vs On-Prem: Proving Session Lock Evidence (AC.L2-3.1.10)

Cybersecurity ·Jul 2026

Google Cloud vs On-Prem: Proving Session Lock Evidence (AC.L2-3.1.10)

google cloud vs on prem session lock audit evidence: compare enforceable settings, proof sources, and tradeoffs for CMMC AC.L2-3.1.10.

GitHub Actions to Scan Test-Tool ZIPs Before USB Release (MA.L2-3.7.4)

Cybersecurity ·Jul 2026

GitHub Actions to Scan Test-Tool ZIPs Before USB Release (MA.L2-3.7.4)

Use GitHub Actions scan test tool ZIPs before USB release with malware checks, hashes, signed evidence, and a controlled approval gate.

Exposed Docker API: Lessons From a Crypto Mining Incident (CM.L2-3.4.7)

Cybersecurity ·Jul 2026

Exposed Docker API: Lessons From a Crypto Mining Incident (CM.L2-3.4.7)

How an exposed Docker API crypto mining incident happens, what CM.L2-3.4.7 requires, and the practical fixes that prevent recurrence.

Do Microsoft 365 Licenses Include Clock Sync? (AU.L2-3.3.7)

Cybersecurity ·Jul 2026

Do Microsoft 365 Licenses Include Clock Sync? (AU.L2-3.3.7)

Does microsoft 365 include clock synchronization? No—learn the incremental cost, ROI, and budget for AU.L2-3.3.7 compliance.

Cloud vs On-Prem Antivirus Costs for Small Contractors (SI.L2-3.14.5)

Cybersecurity ·Jul 2026

Cloud vs On-Prem Antivirus Costs for Small Contractors (SI.L2-3.14.5)

cloud vs on-prem antivirus costs small defense contractor: compare SI.L2-3.14.5 licensing, operations, scan evidence, and deployment choices.

Build vs Buy USB Control: 3-Year TCO and Payback (AC.L2-3.1.21)

Cybersecurity ·Jul 2026

Build vs Buy USB Control: 3-Year TCO and Payback (AC.L2-3.1.21)

Calculate build vs buy usb device control total cost of ownership, 3-year payback, and a defensible AC.L2-3.1.21 budget.

7 Microsoft 365 Audit Log Mistakes and How to Avoid Them

HIPAA ·Jul 2026

7 Microsoft 365 Audit Log Mistakes and How to Avoid Them

Avoid microsoft 365 audit log mistakes by enabling complete logging, retaining evidence, reviewing alerts, and documenting audit controls.

7 Group Health Plan Document Mistakes With Sponsor ePHI

HIPAA ·Jul 2026

7 Group Health Plan Document Mistakes With Sponsor ePHI

Avoid group health plan document mistakes sponsor ePHI: seven fixes for sponsor access, safeguards, vendors, and incident reporting.

7 Google Cloud Security Review Mistakes vCISOs Must Avoid

Cybersecurity ·Jul 2026

7 Google Cloud Security Review Mistakes vCISOs Must Avoid

Avoid google cloud security review mistakes that weaken independent oversight, audit evidence, and risk decisions across your GCP environment.

What Should an EHR Access Control Policy Template Include?

HIPAA ·Jul 2026

What Should an EHR Access Control Policy Template Include?

An ehr access control policy template should define who receives EHR access, how it is approved, reviewed, removed, and audited under HIPAA.

Showing the 48 most recent

Browse the full archive by framework

2604 control-by-control guides, checklists, and news — organized by the framework you need.