15 05 '19
Microarchitecture Data Sampling (MDS) – Zombieload

Microarchitecture Data Sampling (MDS) – Zombieload

Vulnerability We are following the news of recently published vulnerabilities to Intel CPU architectures. These vulnerabilities are known as microarchitecture data sampling (MDS) flaws, with implementations variously called Zombieload, RIDL, and Fallout. These vulnerabilities are related to previously published Spectre...
14 05 '19
Information System Maintenance and Compliance for CUI Protection

Information System Maintenance and Compliance for CUI Protection

Maintenance Required If you're a small business working on a government contract that includes requirements for protection of controlled unclassified information CUI, it's important to remember that remaining compliant is a continuous process. National Institute of Standards and Technology Special...
16 04 '19
Credential Stuffing and NIST SP 800-171

Credential Stuffing and NIST SP 800-171

Businesses face a growing number of vulnerabilities and adversarial tactics aimed at compromising the information they hold dear. The data entrusted to organizations in support of government contracts is of great value to those with malicious intent. While compliance with...
09 04 '19
NIST SP 800-171 Control Families – Overview

NIST SP 800-171 Control Families – Overview

For non-governmental organizations that do, or hope to do, business with the U.S. government, careful consideration must be given to whether controlled unclassified information is part of the specified contract work. Controlled unclassified information (CUI) is sensitive in nature and...
02 04 '19
VPN for Business is more than just a VPN

VPN for Business is more than just a VPN

For small businesses involved in contracts with the Federal Government or Department of Defense, compliance with security requirements for the protection of controlled unclassified information (CUI), security for your network connections may be a cause of concern. Control 3.1.17 “Protect...
21 03 '19
World Backup Day and NIST SP 800-171

World Backup Day and NIST SP 800-171

Backups and Archiving World Backup Day is March 31st – a whole day to help remind us to ensure our valuable information is properly protected and available should the need arise. Obviously, valid backup and recovery is a foundational component of...
18 03 '19
NIST SP 800-171 and DFARS Clause 7012

NIST SP 800-171 and DFARS Clause 7012

New Cyber Security Regulations For small businesses planning to business with the U.S. Government and Department of Defense, new cyber security and incident reporting rules will apply. The rules can impact your contract work and the data sent, received or...
14 03 '19
Email Security and NIST SP 800-171 Compliance

Email Security and NIST SP 800-171 Compliance

Like most everyone else, we use email services daily in our small business activities. From general announcements to document and file sharing, email is ubiquitous. Adversaries have long known this fact as well and is evidenced by the amount of...
10 09 '18

Email Digital Signatures – Do you know who it’s from?

Is Your Email Secure? Email is ubiquitous with business operations and we’ve established routines and habits for it’s use. But, is the way we use it really trustworthy? How do I know the email you send me is really from...
06 09 '18

Compliance is a Shared Responsibility

    At Assured Bridge, we’ve created services that help businesses meet their security and compliance requirements as described by NIST SP 800-171 and DFARS Clause 7012. It’s important to note that I say “help” here; not all security controls and...