Datasheets
Learn more about our services and why choosing SecureIT for your information security, audit, and compliance initiative gives your organization the most value while delivering the confidence needed to focus on your core business.
FedRAMP Advisory Services
FedRAMP 3PAO Services
Penetration Testing Services
IT Audit & Compliance Services
SOC 2 Audit Services
CMMC Compliance Services
Tech Bulletins – Speed Authorization Success with our FedRAMP Insights
Defining the FedRAMP System Boundary
Vulnerability Management FAQs
FedRAMP FIPS 140-2 Validation Tech Bulletin
FedRAMP FIPS 140-2 Validation Example
13 Mistakes to Avoid for FedRAMP Success
FedRAMP Moderate Equivalency for DoD Contractors
eBooks
SecureIT is continually reviewing trends, examining technologies and engaging in standards development in cyber security, information assurance, audit, and regulatory compliance. Those efforts, combined with our first-hand experience solving our customers’ problems, yield whitepapers and reports that offer insights, guidance and best practice. We hope that you find them useful.
12 Secrets to SOC 2 Success
Attaining SOC 2 compliance is a common requirement for service organizations to attract mid-sized and large commercial customers. Many software service providers first try to obtain SOC 2 compliance through internal initiatives. Unfortunately, SecureIT has found that most organizations seeking first-time SOC 2 compliance underestimate the scope of the challenges they face and overestimate the ability of their IT organization to implement the controls and process changes needed. This eBook shares insights that we have gained from providing guidance and hands-on assistance to enable dozens of organizations to achieve and sustain SOC 2 compliance on their first attempt.
Transforming IT Audit for Cloud Computing
Access proven best practices and valuable insights from industry leaders that will propel success with your cloud audit. The eBook is a must read for increasing IT Audit’s success in planning, executing, and monitoring cloud audit initiatives.
FedRAMP Tailored: LI-SaaS Success (Greg Kent)
CMMC Compliance: Preparing for Success (David Trout)
Managing SSH Keys and Associations
The Secure Shell (SSH) service is widely deployed to provide secure connectivity between systems. In other words, SSH is the secure alternative to telnet or ftp services, which are clear text and could expose user credentials and sensitive network traffic to eavesdroppers. SSH provides an encrypted tunnel through which users can enter commands, transfer files, or even use an X Windows graphical user interface.
For many years, auditors have been advocating wide deployment of SSH as a cost-effective solution to the security problem of clear text network transports. OpenSSH is the most commonly deployed implementation of the SSH protocol. The price is right – it’s free – and it does not require the complexities of a Public Key Infrastructure (PKI) for generating keys. However, many organizations that have large OpenSSH deployments have found that SSH can introduce new security problems that can be as significant as the problem of clear text transmissions.
Written by Greg Kent, SecureIT Vice President, our three-part SSH eBook series provides a comprehensive discussion of the risks, solutions and preventive measures that can improve the security and success of your SSH deployment.
Part 1: Background and Risks
Part 2: Risk Management & Solutions
Part 3: Policy and Prevention
sudo Security and Risk Management Video Series
Could more than a dozen of your employees have root access to mission-critical servers due to error? SecureIT’s experience indicates that many companies have incorrectly implemented or maintained sudo, exposing information assets to heightened risk from malicious actors.
Register and watch these videos now as Greg Kent, SVP of SecureIT, provides a valuable discussion on sudo background, common sudo implementation mistakes, and policies for safer sudo going forward.
Watch the sudo security video series now.
Part 1: Introduction to sudo & Common Use Cases & Configuration
Part 2: Attacks on Poorly Written User Specifications
Part 3: Root Causes of the Problem & Resolving sudo Security Issues