SecureIT's President and CEO David Trout joins a panel of distinguished leaders from Intel, Oracle, Mitre and Microsoft to discuss data center readiness for government cloud solutions. Chief amongst the topics at DICE EAST on May 25th is how colocation providers can prepare to tackle FedRAMP authorization. With Northern Virginia on pace to soon become [...]
About Chor-Ching FanThis author has not yet filled in any details.
So far Chor-Ching Fan has created 93 blog entries.
By Connor Payne With CMMC generally consisting of a “follow the data” exercise, DoD contractors often underestimate their reliance on third-party vendors to store, protect, process, or transmit CUI data. Many small and midsize businesses (SMBs) rely heavily on managed service providers (MSPs) and even more refined services such as managed security service providers (MSSPs), [...]
By Connor Payne Inherited controls from a cloud service provider such as Amazon Web Services (AWS) or Microsoft Azure include physical and environmental controls that a customer fully inherits from the provider. In general terms, shared responsibility means that the cloud service provider is responsible for the security of the cloud while the customer is [...]
By Greg Kent, Senior Vice President, CTO FedRAMP has control baselines for low, moderate, and high impact systems. The appropriate baseline, and therefore the particular control requirements that apply, depend on the system impact level or categorization. The FedRAMP impact level or categorization of a system is determined by formal process defined by FIPS Publication [...]
By Tobias McCurry Although remote access into corporate networks isn’t new, such widespread, continuous use of remote access is. Organizations very early on identified capacity issues, but some legacy security risks in remote access solutions may be exacerbated by the extensive use of remote access under a widespread work from home scenario. Accordingly, it may [...]
By Josh Griswell One approach that contractors can take in approaching CMMC is including all of their infrastructure within the scope boundary for a CMMC certification. This means that all of the company’s components and devices would have to follow the processes and practices required by CMMC. The larger the company’s environment, the more complex [...]
June 9, 2021 The Department of Education (DoED) has selected a team that includes SecureIT for their Cybersecurity and Privacy Support Services (CPSS) contract program. We look forward to working alongside our partners and providing our security, risk and audit expertise to address DoED's cybersecurity health and compliance requirements.
By Greg Kent Many organizations leverage control points specifically architected into their on-premise infrastructure to enforce security policies. When employees work from home, their computers may not access the corporate IT infrastructure, which bypasses these on-prem controls. Consider, for example, an organization that controls the websites that employee laptops can access by routing outbound web [...]
SecureIT is proud to announce its status as a StateRAMP Approved Assessor. StateRAMP was developed with procurement and IT officials in mind – to bridge the gap between the two offices and provide a framework of cybersecurity standards for government contractors. All too often procurement officials are challenged with procuring the best cloud services and software for the lowest price, without the [...]
By Greg Kent The Department of Defense (DoD) recently released changes to DFARS rules for security assessments required for contractors. The CMMC Interim Rule (DFARS Case 2019-D041) requires defense contractors to self-report a score of compliance with 800-171 controls using a specified scoring methodology. Results of these assessments will be posted on the Supplier Performance [...]