Archive for the ‘NIST’ Category
Monday, August 21st, 2023
A Comprehensive Guide to NIST Compliance. In the dynamic world of government contracting, understanding and adhering to the National Institute of Standards and Technology (NIST) requirements is essential. These standards, particularly the NIST Special Publication 800-171, dictate how government contractors should manage and protect sensitive federal information. This guide provides an in-depth look at NIST […]
Posted in CMMC, Cybersecurity, NIST, NIST 800-171 | Comments Off on NIST Requirements for Government Contractors
Monday, August 21st, 2023
Securing Your Cloud Infrastructure. Google Cloud Penetration Testing: In today’s rapidly digitizing world, cloud environments have become essential to businesses of all sizes. With a massive surge in cloud adoption, ensuring security in these virtual environments is paramount. Google Cloud Platform (GCP) is a leading provider of cloud services, and penetration testing or “pen testing” […]
Posted in CMMC, Compliance, Cybersecurity, NIST, NIST 800-171, Penetration Testing | Comments Off on Google Cloud Penetration Testing
Monday, August 21st, 2023
Fortifying the Frontline of Public-Private Collaboration. Government Contractor Cybersecurity is imperative in today’s hyper-connected era. The collaboration between governments and private entities is an integral part of national infrastructure and defense. Government contractors, serving as a bridge between bureaucratic mechanisms and cutting-edge private sector solutions, are a crucial link in this chain. As with all […]
Posted in CMMC, NIST, NIST 800-171 | Comments Off on Government Contractor Cybersecurity
Monday, August 21st, 2023
NIST 800-53 Penetration Testing. In the complex landscape of cybersecurity, understanding and implementing the right frameworks is paramount. Among the most authoritative sources is the National Institute of Standards and Technology (NIST) and its renowned Special Publication 800-53. One key aspect of this guidance is the emphasis on penetration testing. This deep dive aims to […]
Posted in NIST, NIST 800-53, Penetration Testing | Comments Off on NIST 800-53 Penetration Testing
Monday, August 21st, 2023
The rapidly evolving digital landscape necessitates the implementation of comprehensive cybersecurity measures. For organizations striving for robust information technology security, the National Institute of Standards and Technology (NIST) provides invaluable guidance. One such directive is the NIST Special Publication 800-50. This resource offers a deep dive into NIST 800-50, emphasizing its role in promoting IT […]
Posted in NIST | Comments Off on NIST Special Publication 800-50: Building an Information Technology Security Awareness and Training Program
Monday, August 21st, 2023
The landscape of cybersecurity is marked by frameworks and guidelines that help organizations safeguard their data and infrastructure. Among these, the National Institute of Standards and Technology (NIST) holds a significant position. Two of its publications, NIST 800-53 and 800-171, serve as cornerstones in this domain. While they both aim to enhance cybersecurity, their specific […]
Posted in Cybersecurity, NIST, NIST 800-171, NIST 800-53 | Comments Off on NIST 800-53 vs. 800-171: Distinguishing Between Two Pillars of Cybersecurity
Monday, August 21st, 2023
Posted in Cybersecurity, NIST | Comments Off on NIST 800-53 Antivirus: A Deep Dive into Cybersecurity Standards and Antivirus Protection
Monday, August 21st, 2023
In today’s digital-driven world, where cyber threats lurk around every corner, organizations seek robust frameworks to bolster their security posture. Enter the NIST Cybersecurity Maturity Model, a blend of NIST’s foundational principles and the concept of maturity modeling. If you’re aiming to understand or implement this model, or are just curious about it, you’ve landed at the right place. […]
Posted in NIST | Comments Off on The NIST Cybersecurity Maturity Model: A Comprehensive Guide to Enhanced Digital Security
Tuesday, August 15th, 2023
Introduction. As cybersecurity threats intensify and diversify, it’s imperative for organizations to not just implement defensive strategies but also ensure their effectiveness. This need for assurance is where NIST’s (National Institute of Standards and Technology) Special Publication 800-171 becomes instrumental. Designed to protect Controlled Unclassified Information (CUI) in non-federal systems, one of its standout components […]
Posted in Cybersecurity, NIST, NIST 800-171 | Comments Off on Shining a Light on Security: Navigating NIST 800-171’s Audit and Accountability Family
Tuesday, December 15th, 2020
Every day, the information we learn about the FireEye hack just keeps getting worse. Last week we wrote about the hack occurring; yesterday we reported that not only was FireEye impacted, but the US government was as well, along with businesses and other governments across the globe; and today, we are starting to understand […]
Posted in Blog, CMMC, Cyber Security, Cybersecurity, NIST, Ransomware | Comments Off on The Hack that Keeps on Hacking
Wednesday, November 11th, 2020
Based on some confusing and potentially conflicting information we have found, we thought it was extremely important to clarify all expectations that the DoD has of its primes, subs and vendors. From listening to podcasts, watching and attending webinars, and reading any and every publication and white paper we can get our hands on, one […]
Posted in Blog, CMMC, Cyber Security, Cybersecurity, NIST | Comments Off on Must I Comply with the New DFARS Interim Rule?
Monday, November 9th, 2020
Penalties: Case Studies (An Excerpt from Craig’s newest book: “Ultimate Guide to CMMC: How to Access Millions in Government Contracts”). As we have established, it is clear that the “self-reporting” and “honor system” for government contractors who are required to abide by NIST 800-171 to gain government contracts is NOT working. But just because everyone […]
Posted in Blog, CMMC, Cyber Security, Cybersecurity, NIST | Comments Off on NIST Dishonesty: What Happens When Contractors Aren’t Truthful
Friday, November 6th, 2020
“CMMC certification is your Driver’s License on the Information Superhighway.” (Katie Arrington) And if that’s the case (which it is), then the self-assessment required by the new DFARS Interim Rule is your permit… One that you must attain before December 1st, 2020 if you want to keep your car on the road, or your contract […]
Posted in Blog, CMMC, Cyber Security, NIST | Comments Off on URGENT DFARS UPDATE: Do Not Lose Your Contract!
Monday, April 6th, 2020
With the halt of HIPAA (Health Insurance Portability and Accountability Act of 1996) audits by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR), the healthcare industry is seeing a decline of about 2% annually in compliance with HIPAA’s Security Rule (NIST 800-66). With that, however, has been a rise in […]
Posted in CMMC, Cyber Security, HIPAA, NIST | Comments Off on Is HIPAA’s Security Rule Adaptive Enough to Stay Relevant?
Wednesday, February 26th, 2020
Sometimes, government requirements and regulations can make you feel like you are Alice falling down new rabbit holes, trying to figure out just what exactly your business needs to do to win (and keep) your contracts and subcontracts. Do you need to be NIST certified? SP 800-53 or SP 800-171, or both? What are FARS […]
Posted in CMMC, Cyber Security, NIST | Comments Off on Falling Down the CMMC Rabbit Hole
Monday, February 17th, 2020
One of the most frequent questions I hear from our clients about the new Cybersecurity Maturity Model Certification, after a few choice words, is: “How much is this going to cost me?” It’s a great question, and one I can’t fully answer because, unfortunately, they haven’t even rolled out the auditor program yet!! That being […]
Posted in Blog, CMMC, Cyber Security, NIST | Comments Off on Is CMMC Going to Cost My Business a Small Fortune?