Blogs
Is LI-SaaS your 2020 Fast Track to FedRAMP Success
By Jamie Graf
CSPs providing Low-Impact Software-as-a-Service (LI-SaaS) products can take advantage of a FedRAMP Tailored authorization for a streamlined approach to compliance. The FedRAMP Tailored authorization is for low-risk [...]
LI-SaaS: A Simpler Path to Gov Cloud Services Adoption
By David Trout
In a recent report published by the GAO, it was found that “from June 2017 to July 2019, the number of authorizations granted through FedRAMP by the 24 agencies [...]
DoD Contractors Prepare for CMMC
By Greg Kent
In response to rising levels of data theft from contractors in the Department of Defense (DoD) supply chain, the Pentagon has announced the development of a program: [...]
CMMC Compliance Solutions
Compliance with the Cybersecurity Maturity Model Certification (CMMC) program requires DoD contractors to undergo cybersecurity audit and certification, beginning mid-2020. CMMC will be a single standard for all DoD [...]
5 Free Burp Tutorials and Cheat-Sheets for Penetration Testing
By Tobias McCurry
As part of our penetration testing and vulnerability assessment services, SecureIT uses an application security testing (AST) tool called Burp by PortSwigger. (No, I don’t know why [...]
800-171: A Key Number for Working with the Federal Government
By Corey Clements
Protecting the Country’s Data: Ask what data can do for you but also ask what is required to protect your organization’s data. Data is only valuable when [...]
Look Before You Leap: The Value of FedRAMP Pre-Assessment
By Corey Clements
“The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud [...]
Penetration Testing: Add to your Spring Cleaning
By Tobias McCurry
Here in the Washington, D.C. area, we’ve been enjoying unseasonably warm weather. T-shirts and open windows belie the fact that it’s still winter, for another 17 days [...]
5 Things to Look for in Choosing a 3PAO
By Corey Clements
In my recent post, “Look before You Leap: The Value of FedRAMP Pre-Assessment,” I compared earning FedRAMP authorization to climbing Mt. Everest. Both require the assistance of [...]
How Hackers Exploit Legitimate Openings into Your Corporate Network
By Tobias McCurry
Companies have a hard time justifying a need to test their internal environment. The internal network is often a mystery box of systems. A majority of companies [...]
Faster FedRAMP: Preparing for RAR Success
By Jamie Graf
What is a RAR? A FedRAMP Readiness Assessment Report (RAR) demonstrates a cloud service provider’s (CSP) capability to meet FedRAMP security requirements, and that they are ready [...]
Ready to Demonstrate Compliance with NIST SP 800-171? Sharpen those #2 Pencils!
By Corey Clements
In order to be useful, data must be analyzed and shared, while also being adequately protected to ensure security, compliance, and privacy. And that is the purpose [...]
800-171 Spring ’19 Update: DoD Contractors Need to Take Note
By Corey Clements
Cybersecurity concerns are driving a tougher stance from DoD on contractors and their implementation of security controls to protect controlled unclassified information (CUI). The Department of Defense [...]
Get Smart on FIPS 140-2 Validation for FedRAMP
By Corey Clements
As a certified third-party assessment organization (3PAO), SecureIT has wide-ranging experience with the issues and challenges that cloud service providers (CSPs) encounter as they prepare for FedRAMP [...]
Testing your Mobile App before Publishing
Smartphones and tablets are ubiquitous—nearly everyone has one. These tiny computers have access to lots of personal information. Having a mobile app can help your company with customer service, ordering, [...]
The Difference Between a Vulnerability Scan and a Pen Test
Because vulnerability scanning and penetration testing (pen testing) sound like two phrases for the same activity, we often take time to demystify the confusion surrounding these two information security activities. [...]
SecureIT and the White Hat Gala to Benefit Children’s National Health System
By David Trout
The White Hat organization was established in 2004 in the United Kingdom to protect vulnerable children through charitable means. In 2012, Paul Innella, CEO of TDI, and [...]