Blogs
Guidance for CSPs & DoD Contractors Using Cloud Services to Handle CUI
By Greg Kent, Senior Vice President, CTO
A previous blog discussed the latest guidance from DoD and the Cyber AB in the draft CMMC Assessment Process (CAP) document. Specifically, [...]
Understanding DoD FedRAMP Moderate Equivalency Requirements for CSPs
By Greg Kent, Senior Vice President, CTO
DoD contractors using a cloud service provider (CSP) to store, process, or transmit covered defense information (CDI)/controlled unclassified information (CUI) must require and [...]
Multifactor Requirements for CMMC
By Greg Kent, Senior Vice President, CTO
CMMC requirements for multifactor authentication (MFA) seem to stump many SMBs. CMMC control IA.L2-3.5.3 requires Federal contractors to "Use multifactor authentication for local [...]
Clarifying Cloudy Responsibilities for CMMC Success
By Connor Payne
With CMMC generally consisting of a “follow the data” exercise, DoD contractors often underestimate their reliance on third-party vendors to store, protect, process, or transmit CUI data. [...]
Shared Responsibilities: You’re Not (Totally) Off the Hook
By Connor Payne
Inherited controls from a cloud service provider such as Amazon Web Services (AWS) or Microsoft Azure include physical and environmental controls that a customer fully inherits from [...]
The FIPS 199 Categorization of Cloud System for FedRAMP
By Greg Kent, Senior Vice President, CTO
FedRAMP has control baselines for low, moderate, and high impact systems. The appropriate baseline, and therefore the particular control requirements that apply, depend [...]
CMMC, Take 2.0 – 3 Strategic Tips for Success
By Les Buday, Managing Director
“Streamlined. Flexible. Secure.” This is the tagline listed on the CMMC website managed by the Office of the Under Secretary of Defense (OUSD) Acquisition & Sustainment (A&S). [...]
Successfully Transitioning to NIST 800-53 Rev5
By Greg Kent, Senior Vice President, CTO
NIST SP 800-53 is a catalog of security and privacy controls designed to protect US federal information systems and organizations from cybersecurity [...]
Follow the CUI for CMMC Compliance
By Greg Kent
“Follow the CUI.” That is the standard practice that DoD contractors follow to determine exactly what system components and networks are within the scope boundary for Level [...]
Enterprise Security for the Remote Workplace – 3 Remote Access Settings Worth Reviewing
By Tobias McCurry
Although remote access into corporate networks isn’t new, such widespread, continuous use of remote access is. Organizations very early on identified capacity issues, but some legacy security [...]
VDI for CUI
By Josh Griswell
One approach that contractors can take in approaching CMMC is including all of their infrastructure within the scope boundary for a CMMC certification. This means that all [...]
Enhancing Laptop Security for the Remote Workplace
By Greg Kent
Many organizations leverage control points specifically architected into their on-premise infrastructure to enforce security policies. When employees work from home, their computers may not access the corporate [...]
New 800-171 Assessment Process in DFARS Rule Change
By Greg Kent
The Department of Defense (DoD) recently released changes to DFARS rules for security assessments required for contractors. The CMMC Interim Rule (DFARS Case 2019-D041) requires defense contractors [...]
Sharpen Your Pencils for CMMC
By Greg Kent
Fall will be here before you know it, so now is a good time for DoD contractors to review their business development and contract strategy for the [...]
CMMC Solutions for Defense Contractors
Compliance with the Cybersecurity Maturity Model Certification (CMMC) program requires DoD contractors to undergo cybersecurity audit and certification, beginning in 2020/2021. Based on NIST 800-171 controls, the CMMC will be a [...]
Is LI-SaaS your 2020 Fast Track to FedRAMP Success
By Jamie Graf
CSPs providing Low-Impact Software-as-a-Service (LI-SaaS) products can take advantage of a FedRAMP Tailored authorization for a streamlined approach to compliance. The FedRAMP Tailored authorization is for low-risk [...]
LI-SaaS: A Simpler Path to Gov Cloud Services Adoption
By David Trout
In a recent report published by the GAO, it was found that “from June 2017 to July 2019, the number of authorizations granted through FedRAMP by the 24 agencies [...]
DoD Contractors Prepare for CMMC
By Greg Kent
In response to rising levels of data theft from contractors in the Department of Defense (DoD) supply chain, the Pentagon has announced the development of a program: [...]
CMMC Compliance Solutions
Compliance with the Cybersecurity Maturity Model Certification (CMMC) program requires DoD contractors to undergo cybersecurity audit and certification, beginning mid 2020. CMMC will be a single standard for all DoD [...]
5 Free Burp Tutorials and Cheat-Sheets for Penetration Testing
By Tobias McCurry
As part of our penetration testing and vulnerability assessment services, SecureIT uses an application security testing (AST) tool called Burp by PortSwigger. (No, I don’t know why [...]