Datasheets
Learn more details about our services and why choosing SecureIT for your information security, audit, and compliance initiative gives organizations the most value and while delivering the confidence needed to focus on your core business.
FedRAMP Advisory Services |
FedRAMP 3PAO Services |
|
Penetration Testing Services |
IT Audit & Compliance Services |
|
SOC 2 Audit Services |
CMMC Compliance Services |
|
|
||
Tech Bulletins – Speed Authorization Success with our FedRAMP Insights
Learn more details about our services and why choosing SecureIT for your information security, audit, and compliance initiative gives organizations the most value and while delivering the confidence needed to focus on your core business.
|
|
FedRAMP FIPS 140-2 Validation Tech Bulletin |
FedRAMP FIPS 140-2 Validation Example |
Defining the FedRAMP System Boundary 
Vulnerability Management FAQs 
13 Mistakes to Avoid for FedRAMP Success |
FedRAMP Moderate Equivalency for DoD Contractors |
eBooks
SecureIT is continually reviewing trends, examining technologies and engaging in standards development in cyber security, information assurance, audit, and regulatory compliance. Those efforts, combined with our first hand experience solving our customers’ problems, yield whitepapers and reports that offer insights, guidance and best practice. We hope that you find them useful.
12 Secrets to SOC 2 SuccessAttaining SOC 2 compliance is a common requirement for service organizations to attract mid-sized and large commercial customers. Many software service providers first try to obtain SOC 2 compliance through internal initiatives. Unfortunately, SecureIT has found that most organizations seeking first time SOC 2 compliance underestimate the scope of the challenges they face and overestimate the ability of their IT organization to implement the controls and process changes needed. This eBook shares insights that we have gained from providing guidance and hands-on assistance to enable dozens of organizations to achieve and sustain SOC 2 compliance on their first attempt. |
Transforming IT Audit for Cloud ComputingAccess proven best practices and valuable insights from industry leaders that will propel success with your cloud audit. The eBook is a must read for increasing IT Audit’s success in planning, executing, and monitoring cloud audit initiatives. |
FedRAMP TailoredLI-SaaS Success Greg Kent |
CMMC CompliancePreparing for Success David Trout |
Managing SSH Keys and Associations
The Secured Shell (SSH) service is widely deployed to provide secured connectivity between systems. In other words, SSH is the secured alternative for telnet or ftp services, which are clear text and could expose user credentials and sensitive network traffic to eavesdroppers. SSH provides an encrypted tunnel through which users can enter commands, transfer files, or even use an X Windows graphical users interface.
For many years, auditors have been advocating wide deployment of SSH as a costeffective solution to the security problem of clear text network transports. OpenSSH is the most commonly deployed implementation of the SSH protocol. The price is right – it’s free – and it does not require the complexities of a Public Key Infrastructure (PKI) for generating keys. However, many organizations that have large OpenSSH deployments have found that SSH can introduce new security problems that can be as significant as the problem of clear text transmissions.
Written by Greg Kent, SecureIT Vice President, our three part SSH eBook series provides a comprehensive discussion of the risks, solutions and preventive measures that can improve the security and success of your SSH deployment.
x
Part 1: Background and Risks
x
Part 2: Risk Management & Solutions
x
Part 3: Policy and Prevention
Learn
Transforming IT Audit for Cloud Computing
Access proven best practices and valuable insights from industry leaders that will propel success with your cloud audit. The eBook is a must read for increasing IT Audit’s success in planning, executing, and monitoring cloud audit initiatives.
Burp Primer Videos & Cheatsheets
Companies need a complete understanding of their risk and exposure. SecureIT’s penetration testing services test and verify the effectiveness of currently deployed security measures. This video and cheatsheet provides an overview of one of the tools that we use in order to detect network vulnerabilities.
Click on the links below to watch the videos & download the cheatsheets:
Burp Proxy Setup & Configuration >>
Burp Specialized Analysis & Detection Tools >>
sudo Security and Risk Management Videos Series
Could more than a dozen of your employees have root access to mission critical servers due to error? SecureIT’s experience indicates that many companies have incorrectly implemented or maintained sudo exposing information assets to heightened risk from malicious actors.
Register and watch these videos now as Greg Kent, SVP of SecureIT provides a valuable discussion on sudo background, common sudo implementation mistakes, and policies for safer sudo going forward.
Watch the sudo security video series now.
Part 1: Introduction to sudo & Common Use Cases & Configuration >>
Part 2: Attacks on Poorly Written User Specifications >>
Part 3: Root Causes of the Problem & Resolving sudo Security Issues >>
Blogs
Guidance for CSPs & DoD Contractors Using Cloud Services to Handle CUI
By Greg Kent, Senior Vice President, CTO A previous [...]
Understanding DoD FedRAMP Moderate Equivalency Requirements for CSPs
By Greg Kent, Senior Vice President, CTO DoD contractors using [...]
CEO David Trout Talks FedRAMP at DICE EAST
SecureIT's President and CEO David Trout joins a panel of [...]
Multifactor Requirements for CMMC
By Greg Kent, Senior Vice President, CTO CMMC requirements for [...]
Clarifying Cloudy Responsibilities for CMMC Success
By Connor Payne With CMMC generally consisting of a “follow [...]
Shared Responsibilities: You’re Not (Totally) Off the Hook
By Connor Payne Inherited controls from a cloud service provider [...]