CP
cyberpings

Gemara Model Revolutionizes Governance, Risk, and Compliance

The Gemara Model has been introduced to improve Governance, Risk, and Compliance practices. Organizations will benefit from a unified approach to security and compliance. This model aims to standardize processes, making compliance easier and more effective. Learn how this could impact your organization’s security measures.

Industry NewsMEDIUMUpdated: Published:

Original Reporting

OSOpenSSF Blog·OpenSSF

AI Summary

CyberPings AI·Reviewed by Rohit Rana

🎯Basically, the Gemara Model helps organizations manage security and compliance more effectively.

What Happened

In a world where software development is evolving rapidly, traditional Governance, Risk, and Compliance (GRC) methods are struggling to keep pace. Compliance activities often exist as a separate administrative layer, making it hard for organizations to demonstrate their security measures after the fact. Recognizing this gap, the industry has turned to GRC Engineering and concepts like policy-as-code to enhance compliance efforts.

However, there are significant alignment issues across tools, teams, and organizations. The industry suffers from a lack of standardization in philosophies, language, and data schemas. To address this, a new model called the Gemara Model has been introduced, aiming for global standardization and philosophical alignment in GRC practices.

Why Should You Care

You might wonder why this matters to you. If you work in any organization, understanding how GRC functions can directly impact your job, especially if you handle sensitive information or compliance tasks. Think of it like building a house; without a solid foundation and a common blueprint, the structure may collapse. The Gemara Model provides that blueprint, making it easier for organizations to ensure they meet security standards and regulations.

The key takeaway is that this model aims to unify GRC practices, making it simpler for organizations to manage risk and compliance effectively. This could lead to better security for your data and a smoother experience for you as a user or employee.

What's Being Done

The Gemara Model is already making waves in the industry. It builds upon existing frameworks like the CNCF’s Automated Governance Maturity Model and incorporates insights from NIST’s OSCAL and other projects. Here’s what you can do if you’re part of an organization affected by these changes:

  • Familiarize yourself with the Gemara Model and its seven-layer architecture.
  • Assess your current GRC practices and identify areas for improvement.
  • Engage with your team to discuss how you can implement this model effectively.

Experts are closely monitoring how organizations adopt this model and its impact on compliance efficiency. The hope is that with standardized practices, organizations can significantly enhance their security posture and compliance efforts.

🔒 Pro Insight

🔒 Pro insight: The Gemara Model's layered architecture could streamline compliance processes, fostering interoperability across disparate GRC tools and frameworks.

OSOpenSSF Blog· OpenSSF
Read Original

Share

Related Pings

Preview image for Global Cybersecurity Summit - 3 Reasons to Attend Now
Industry News
LOW

Global Cybersecurity Summit - 3 Reasons to Attend Now

The Global Cybersecurity Summit is coming up! Learn about AI, threats, and exposure management. Don't miss the chance to enhance your security strategy and connect with experts.

R7Rapid7 Blog
Read PingRead Source
Preview image for Locked Shields 2026 - 41 Nations Strengthen Cyber Resilience
Industry News
MEDIUM

Locked Shields 2026 - 41 Nations Strengthen Cyber Resilience

Locked Shields 2026 has concluded, with 41 nations participating in a massive cyber defense exercise. This event is crucial for enhancing global cyber resilience and collaboration against cyber threats. The lessons learned will help nations strengthen their defenses.

SWSecurityWeek
Read PingRead Source
Preview image for Sean Plankey Withdraws CISA Nomination Amid Senate Stalemate
Industry News
HIGH

Sean Plankey Withdraws CISA Nomination Amid Senate Stalemate

Sean Plankey has withdrawn his nomination to lead CISA after a long delay. This decision highlights challenges in U.S. cybersecurity leadership. The agency is currently leaderless, raising concerns about national security during critical times.

CSCSO Online
Read PingRead Source
Preview image for Cloudsmith Raises $72 Million in Series C Funding
Industry News
MEDIUM

Cloudsmith Raises $72 Million in Series C Funding

Cloudsmith has raised $72 million to enhance its software security solutions. This funding will help address the challenges posed by AI in software development. The investment aims to improve product offerings and market reach.

SWSecurityWeek
Read PingRead Source
Preview image for Rilian Raises $17.5 Million for AI-Native Security Orchestration
Industry News
MEDIUM

Rilian Raises $17.5 Million for AI-Native Security Orchestration

Rilian has raised $17.5 million to enhance its AI-native security orchestration platform. This funding will support its growth and development of advanced cyber defense technologies. With a focus on government and critical infrastructure, Rilian aims to redefine security operations.

SWSecurityWeek
Read PingRead Source
Preview image for CyberSmart Partners with Renaissance to Boost SME Cybersecurity
Industry News
LOW

CyberSmart Partners with Renaissance to Boost SME Cybersecurity

CyberSmart has joined forces with Renaissance to enhance cybersecurity for SMEs. This partnership simplifies compliance and risk management, making security accessible for small businesses. Together, they aim to help organizations stay secure in a complex threat landscape.

ISIT Security Guru
Read PingRead Source