The Australian Prudential Regulation Authority's (APRA) Information Security Standard CPS 234

Comprehensive Data Protection Platform for APRA Regulation CPS 234 compliance

Overview

With CPS 234, regulators, standard-setters and financial services institutions are coming together to boost resilience against evolving threats.

What is CPS 234?
The Australian Prudential Regulation Authority's (APRA) Information Security Standard CPS 234 commenced on the 1st of July 2019. It requires all APRA-regulated entities to build the information security controls, capabilities, and measures needed to be resilient against security incidents, including cyber-attacks.

Entities need to strengthen information asset identification and classification, information security roles and responsibilities with clear segregation of duties, implementation and testing of information security controls, internal audits, incident management, and breach notification.

CPS 234 calls for protective measures to be proportionate to the size of the business and the threats it faces. Any third party that manages the information held by an APRA-regulated company also needs to comply.

How can Fortanix help you meet CPS 234 compliance?

Apart from boasting a FIPS 140-2 Level 3 security policy with unmatched flexibility and scalability, the Fortanix Data Security Manager SaaS offers a broad range of security controls to help businesses meet their compliance standards.


How does it help?

Protect data wherever it’s residing

Fortanix DSM SaaS with integrated HSM, key management, encryption, shared secrets, and tokenization capabilities can facilitate data security at every level of the enterprise data stack, including applications, database, file system, full disk, and network-attached storage levels.


Centralized key management and security policies on-premises and multi-Cloud

Complete key lifecycle management as a service for secure and consistent key management across on-premises and multi-cloud environments. Applications and databases converge upon a single source of cryptographic services, and the security team gets a single pane of glass view of the entire ecosystem.


Fine-grained access controls for users and data

Only the authorized processor gets access to the required data and only for the duration for which a business case exists.


Cloud-ready Tokenization

With Fortanix, you can substitute tokens for sensitive data using a REST API to achieve privacy compliance. This helps eliminate the link to sensitive data and protect against data breaches.


Transparent Database Encryption

Fortanix integrates with native database encryption to manage and store the cryptographic keys required to encrypt all your databases, including Oracle, MS SQL Server, MongoDB, PostgreSQL, MySQL, MariaDB, IBM DB2, and more.
