Comparison Overview

University of Maryland

VS

Carnegie Mellon University

University of Maryland

University of Maryland, College Park, MD, US, 20742
Last Update: 2026-04-01
View Profile
Between 750 and 799
http://umd.edu

As the State's flagship, the University of Maryland (UMD) strives to bring students deeply into the process of discovery, innovation and entrepreneurship. Whenever possible, hands-on research complements classroom instruction. Interdisciplinary collaborations facilitate the understanding of complex problems like cybersecurity and climate change, and international study and diversity help our graduates become global citizens. Its location inside Washington, D.C.'s Beltway, along with its own Metro stop, gives students numerous opportunities to work with neighboring federal agencies and labs, think tanks and foreign organizations.

NAICS: 6113
NAICS Definition: Colleges, Universities, and Professional Schools
Employees: 21,382
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
1
View Profile

Carnegie Mellon University

5000 Forbes Avenue, Pittsburgh, 15213, US
Last Update: 2026-04-01
Between 750 and 799
http://cmu.edu

Carnegie Mellon University founder Andrew Carnegie said: "My heart is in the work."​ No statement better captures the passion and drive of our people to make a real difference. At Carnegie Mellon, we're not afraid of the work. Our educational environment creates problem solvers, drivers of innovation and pioneers in technology and the arts. Employers in every field say our graduates are ready to hit the ground running the day they graduate. So, join us. Whether you're looking for a career or an education. Or both.

NAICS: 6113
NAICS Definition: Colleges, Universities, and Professional Schools
Employees: 11,194
Subsidiaries: 4
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/university-of-maryland.jpeg
University of Maryland
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/carnegie-mellon-university.jpeg
Carnegie Mellon University
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
University of Maryland
100%
Compliance Rate
0/4 Standards Verified
Carnegie Mellon University
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Higher Education Industry Average (This Year)

No incidents recorded for University of Maryland in 2026.

Incidents vs Higher Education Industry Average (This Year)

No incidents recorded for Carnegie Mellon University in 2026.

Incident History — University of Maryland (X = Date, Y = Severity)

University of Maryland cyber incidents detection timeline including parent company and subsidiaries

Incident History — Carnegie Mellon University (X = Date, Y = Severity)

Carnegie Mellon University cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/university-of-maryland.jpeg
University of Maryland
Incidents

Date Detected: 4/2021
Type:Ransomware
Blog: Blog
https://images.rankiteo.com/companyimages/carnegie-mellon-university.jpeg
Carnegie Mellon University
Incidents

No Incident

FAQ

Carnegie Mellon University company demonstrates a stronger AI Cybersecurity Score compared to University of Maryland company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

University of Maryland company has historically faced a number of disclosed cyber incidents, whereas Carnegie Mellon University company has not reported any.

In the current year, Carnegie Mellon University company and University of Maryland company have not reported any cyber incidents.

University of Maryland company has confirmed experiencing a ransomware attack, while Carnegie Mellon University company has not reported such incidents publicly.

Neither Carnegie Mellon University company nor University of Maryland company has reported experiencing a data breach publicly.

Neither Carnegie Mellon University company nor University of Maryland company has reported experiencing targeted cyberattacks publicly.

Neither University of Maryland company nor Carnegie Mellon University company has reported experiencing or disclosing vulnerabilities publicly.

Neither University of Maryland nor Carnegie Mellon University holds any compliance certifications.

Neither company holds any compliance certifications.

Carnegie Mellon University company has more subsidiaries worldwide compared to University of Maryland company.

University of Maryland company employs more people globally than Carnegie Mellon University company, reflecting its scale as a Higher Education.

Neither University of Maryland nor Carnegie Mellon University holds SOC 2 Type 1 certification.

Neither University of Maryland nor Carnegie Mellon University holds SOC 2 Type 2 certification.

Neither University of Maryland nor Carnegie Mellon University holds ISO 27001 certification.

Neither University of Maryland nor Carnegie Mellon University holds PCI DSS certification.

Neither University of Maryland nor Carnegie Mellon University holds HIPAA certification.

Neither University of Maryland nor Carnegie Mellon University holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References