Browser security can be an integral component of your organization’s regulatory compliance initiatives. Managing browsers, protecting the organization from browser-borne threats, and securing internal web applications from such threats all contribute to a more secure and compliant organization.
The Menlo Secure Enterprise Browser solution can help your organization meet regulatory requirements from around the world while helping you navigate their best practices and guidance.
Please contact us for additional information on any of these or others for which you need help.
The NIST CSF was created to help organizations to better understand and improve their management of cybersecurity risk. One aspect of cybersecurity risk is posed by web-borne threats that are specifically designed to evade legacy network security and threat detection tools. In fact, the recent Menlo Browser Security Report found that in the Menlo cloud, 20 percent of attacks included such evasive techniques.
Components of the CSF directly align with Menlo Secure Enterprise Browser solution capabilities:
In these ways, Menlo can assist organizations with implementing cybersecurity guided by the NIST CSF.
NIST published the last major update of NIST 800-53 in 2020. The publication offers a regulatory standard defining a minimum baseline of security controls for all U.S. federal information systems except those related to national security. While the original purpose of the publication was to improve the security posture of systems used within the federal government, the controls have become a primary framework for security teams in commercial, educational, and state and local government entities to define and implement security and privacy controls.
Given the persistent migration to web-based applications, both internal and SaaS, any cybersecurity strategy aligned to NIST 800-53 must include browser security. The Menlo Secure Enterprise Browser solution can help every organization reach NIST 800-53 goals by securing any user, with any browser, in any location, using any application. Browser security, rather than legacy web security, is crucial, given that as many as 20% of web-borne threats are designed to evade detection by legacy web security solutions such as secure web gateways (SWG) and cloud access security brokers (CASB).
On your zero trust journey, you need unbiased opinions from trusted sources, such as CISA. In April 2023, CISA released the Zero Trust Maturity Model version 2.0 to help governments and organizations worldwide implement the principles of zero trust in a structured way while assessing their progress in doing so. Menlo Security engaged Coalfire, the highly regarded security analyst firm, to assess the Menlo Secure Enterprise Browser solution for use in zero trust initiatives relative to the CISA Zero Trust Maturity Model version 2.0. Following the engagement, Coalfire published a Product Applicability Guide (PAG) reflecting its findings. You can read about them in our blog or the Coalfire PAG: Menlo Secure Enterprise Browser solution for use in Zero Trust Environments to help you apply browser security to your zero trust journey.
The TIC 3.0 standard from CISA gave U.S. federal agencies and organizations a more flexible approach to security controls, accommodating mobile, cloud, and encryption, and keeping security close to the data itself. With the modern reality of SaaS and internal web-based applications, the work to comply with TIC 3.0 must integrate browser security. Organizations can leverage the Menlo Secure Enterprise Browser solution as part of their TIC 3.0 strategies. Browser security is required, rather than legacy web security, to prevent modern web-borne attacks.
The United States DoD drives risk reduction initiatives for the defense industrial base (DIB), which faces frequent and sophisticated attacks. Any successful attack could compromise both Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). To address such risks, the DoD published the latest CMMC in October 2024.
Like any organization, members of the DIB rely on public and internal web-based applications accessed through web browsers. Threat actors know this and increasingly create web-borne attacks designed to evade network-based defenses. In the Menlo cloud, which is protecting billions of web sessions yearly, 20 percent of attacks include evasive designs, as documented in the Menlo Security 2025 State of Browser Security Report. The Menlo Secure Enterprise Browser solution can help members of the DIB comply with CMMC v2.0 by stopping web-borne threats and adding a strong layer of security to protect FCI and CUI.
Read the technical brief to learn more.
The Center for Internet Security browser benchmarks provide actionable guidance with a structured and reliable approach to securing web browsers, helping organizations protect themselves against a wide range of cyber threats.
Any institution that holds payment card data must comply with PCI-DSS. Among many areas, the standard covers network security, data protection, and malware and threat prevention.
Organizations worldwide now rely on the web browser for access to applications both internally and across the internet. As seen in the Menlo Security 2025 State of Browser Security Report, 20 percent of browser-borne attacks are specifically designed to evade network security and compromise data protection. PCI-DSS compliance requires browser security to address such threats and more.
Here are some specific ways Menlo can help with PCI compliance:
The list above is a subset. Menlo Security can help organizations comply with PCI-DSS in many additional areas.
Every security professional in the U.S. healthcare industry must be mindful of the security and privacy requirements driven by HIPAA rules, which are undergoing crucial updates to align with international standards, such as GDPR, NIS2, and ISO 27001.
Patient, provider, and researcher interaction with protected health information (PHI) is almost entirely done via the web browser. HIPAA compliance, now and in the future, requires browser security.
To provide security professionals in the healthcare sector with unbiased information, Menlo Security engaged with Coalfire, the trusted security analyst firm, to evaluate the Menlo Secure Enterprise Browser solution and its applicability to organizations that need to comply with HIPAA rules.
To learn more, you can get started with a two-part blog on the intersection of PHI and browser security (part 1; part 2), or go directly to the Product Applicability Guide on this topic authored by Coalfire.
The massive growth in global internet companies drove the European Union to recognize that user privacy could only be protected by government regulation. GDPR went into effect in 2018, giving individuals control over their personal data.
To provide such individual control over one’s data, it must be protected from theft or leakage. The enormous growth of web-based applications and the consumption of internet-served data, coupled with the explosive growth in web-borne attacks, means that any strategy to conform with GDPR must include browser security.
The Menlo Secure Enterprise Browser solution is a requisite new step in your GDPR compliance regimen, as it includes multi-mode data loss prevention for browser-based traffic among many other privacy-assuring protections.
The second-generation European Union Network and Information Security Directive went live in 2024. Among other requirements, organizations must ensure they can report a breach within 24 hours.
Since many breaches occur through the web browser, a zero trust browser security strategy can help a threat investigation throughout the attack chain. Zero trust browser security provides visibility and control into browser behavior, improves the overall security posture across browser types, and helps integrate browser security with the rest of the security stack. Armed with visibility and control, security teams can conduct proper investigations into breaches and meet the 24-hour disclosure deadline mandated in NIS2.
DORA went live in early 2025 and is intended to strengthen the digital resilience of the EU financial sector. It covers risk management, incident reporting, resilience testing, and third-party risk and information sharing.
In the face of such a regulation, browser security is essential. The Menlo Secure Enterprise Browser solution delivers cloud-based security for every user on any device in any location.
To learn more, watch the webinar: Why Browser Security Matters for NIS2 and DORA Compliance.
The National Cybersecurity Authority (NCA) of the Kingdom of Saudi Arabia developed ECC to help organizations minimize the cybersecurity risks that originate from internal and external threats.
The Menlo Secure Enterprise Browser solution directly supports the NCA ECC by stopping browser-borne threats that can evade network security controls.
Read the compliance brief.
The India Digital Personal Data Protection Act was approved in 2023. While multinational organizations based in India and operating in the EU and Canada have been required to comply with GDPR and the California Consumer Privacy Act (CCPA), the advent of DPDP in India ensures that privacy control for individuals applies to all holders of data in India.
Indian organizations holding data must close the browser security gap, in particular identifying a browser security solution with multi-mode data loss prevention for browser-based traffic.
CIPA, passed in 2000, is intended to limit children's exposure to dangerous online content.
The Menlo Secure Enterprise Browser solution can assist with CIPA compliance by enabling you to block all content mandated by CIPA from reaching users. Read more.