Archive for the ‘NIST’ Category

NIST Requirements for Government Contractors

Monday, August 21st, 2023

A Comprehensive Guide to NIST Compliance In the dynamic world of government contracting, understanding and adhering to the National Institute of Standards and Technology (NIST) requirements is essential. These standards, particularly the NIST Special Publication 800-171, dictate how government contractors should manage and protect sensitive federal information. This guide provides an in-depth look at NIST […]

Google Cloud Penetration Testing

Monday, August 21st, 2023

Securing Your Cloud Infrastructure Google Cloud Penetration Testing: In today’s rapidly digitizing world, cloud environments have become essential to businesses of all sizes. With a massive surge in cloud adoption, ensuring security in these virtual environments is paramount. Google Cloud Platform (GCP) is a leading provider of cloud services, and penetration testing or “pen testing” […]

Government Contractor Cybersecurity

Monday, August 21st, 2023

Fortifying the Frontline of Public-Private Collaboration Government Contractor Cybersecurity is imperative in today’s hyper-connected era. The collaboration between governments and private entities is an integral part of national infrastructure and defense. Government contractors, serving as a bridge between bureaucratic mechanisms and cutting-edge private sector solutions, are a crucial link in this chain. As with all […]

NIST 800-53 Penetration Testing

Monday, August 21st, 2023

NIST 800-53 Penetration Testing. In the complex landscape of cybersecurity, understanding and implementing the right frameworks is paramount. Among the most authoritative sources is the National Institute of Standards and Technology (NIST) and its renowned Special Publication 800-53. One key aspect of this guidance is the emphasis on penetration testing. This deep dive aims to […]

NIST Special Publication 800-50: Building an Information Technology Security Awareness and Training Program

Monday, August 21st, 2023

The rapidly evolving digital landscape necessitates the implementation of comprehensive cybersecurity measures. For organizations striving for robust information technology security, the National Institute of Standards and Technology (NIST) provides invaluable guidance. One such directive is the NIST Special Publication 800-50. This resource offers a deep dive into NIST 800-50, emphasizing its role in promoting IT […]

NIST 800-53 vs. 800-171: Distinguishing Between Two Pillars of Cybersecurity

Monday, August 21st, 2023

The landscape of cybersecurity is marked by frameworks and guidelines that help organizations safeguard their data and infrastructure. Among these, the National Institute of Standards and Technology (NIST) holds a significant position. Two of its publications, NIST 800-53 and 800-171, serve as cornerstones in this domain. While they both aim to enhance cybersecurity, their specific […]

NIST 800-53 Antivirus: A Deep Dive into Cybersecurity Standards and Antivirus Protection

Monday, August 21st, 2023

NIST 800-53 Antivirus

The NIST Cybersecurity Maturity Model: A Comprehensive Guide to Enhanced Digital Security

Monday, August 21st, 2023

In today’s digital-driven world, where cyber threats lurk around every corner, organizations seek robust frameworks to bolster their security posture. Enter the NIST Cybersecurity Maturity Model—a blend of NIST’s foundational principles and the concept of maturity modeling. If you’re aiming to understand, implement, or just curious about this model, you’ve landed at the right place. […]

Shining a Light on Security: Navigating NIST 800-171’s Audit and Accountability Family

Tuesday, August 15th, 2023

Introduction As cybersecurity threats intensify and diversify, it’s imperative for organizations to not just implement defensive strategies but also ensure their effectiveness. This need for assurance is where NIST’s (National Institute of Standards and Technology) Special Publication 800-171 becomes instrumental. Designed to protect Controlled Unclassified Information (CUI) in non-federal systems, one of its standout components […]

The Hack that Keeps on Hacking

Tuesday, December 15th, 2020

Every day, the information we learn about the FireEye hack just keeps getting increasingly worse. Last week we wrote about the hack occurring; yesterday we reported that not only was FireEye impacted, but the US government was, as well… Along with businesses and other governments across the globe; and today, we are starting to understand […]

Must I Comply with the New DFARS Interim Rule?

Wednesday, November 11th, 2020

Based on some confusing and potentially conflicting information we have found, we thought it was extremely important to clarify all expectations that the DoD has of its primes, subs and vendors. From listening to podcasts, watching and attending webinars, and reading any and every publication and white paper we can get our hands on, one […]

NIST Dishonesty: What Happens When Contractors Aren’t Truthful

Monday, November 9th, 2020

Penalties: Case Studies (An Excerpt from Craig’s newest book: “Ultimate Guide to CMMC: How to Access Millions in Government Contracts”) As we have established, it is clear that the “self-reporting” and “honor system” for government contractors who are required to abide by NIST 800-171 to gain government contracts is NOT working. But just because everyone […]

URGENT DFARS UPDATE: Do Not Lose Your Contract!

Friday, November 6th, 2020

“CMMC certification is your Driver’s License on the Information Superhighway.” -Katie Arrington And if that’s the case (which it is), then the self-assessment required by the new DFARS Interim Rule is your permit… One that you must attain before December 1st, 2020 if you want to keep your car on the road- or your contract […]

Is HIPAA’s Security Rule Adaptive Enough to Stay Relevant?

Monday, April 6th, 2020

With the halt of HIPAA (Health Insurance Portability and Accountability Act of 1996) audits by the Department of Health and Human Services’ Office (HHS) for Civil Rights (OCR), the healthcare industry is seeing a decline of about 2% annually in compliance with HIPAA’s Security Rule (NIST 800-66).  With that, however, has been a rise in […]

Falling Down the CMMC Rabbit Hole

Wednesday, February 26th, 2020

Sometimes, government requirements and regulations can make you feel like you are Alice falling down new rabbit holes, trying to figure out just what exactly your business needs to do to win (and keep) your contracts and subcontracts. Do you need to be NIST certified? SP 800-53 or SP 800-171, or both?  What are FARS […]

Is CMMC Going to Cost My Business a Small Fortune?

Monday, February 17th, 2020

One of the most frequent questions I hear from our clients about the new Cybersecurity Maturity Model Certification, after a few choice words, is: “How much is this going to cost me?” It’s a great question, and one I can’t fully answer because, unfortunately, they haven’t even rolled out the auditor program yet!! That being […]