Multifactor Authentication – Raising the Bar

Organizations doing business with the U.S. Government, or planning to do so, must consider the potential for increased cybersecurity requirements. Contracts that include the creation, communication and/or storage of controlled unclassified information (CUI) are specifically encumbered by the requirements described in NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. Additional controls may be imposed if the contract serves the Department of Defense and includes covered defense information. These additional measures are outlined in DFARS Clause 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting.


Business Operating Policies Enable Compliance

Compliance with the security controls described in NIST SP 800-171 Revision 1 and DFARS Clause 252.204-7012 is required for organizations doing business with the U.S. Federal Government that involves the transfer, storage and processing of controlled unclassified information (CUI) and/or covered defense information (CDI).


Information System Maintenance and Compliance for CUI Protection

Maintenance Required

If you’re a small business working on a government contract that includes requirements for protection of controlled unclassified information (CUI), it’s important to remember that remaining compliant is a continuous process. National Institute of Standards and Technology Special Publication 800-171 contains the guidelines for establishing and maintaining the required security processes and controls inherent in many contract terms. These requirements include maintaining and updating the systems used in support of the contract efforts.


Credential Stuffing and NIST SP 800-171

Businesses face a growing number of vulnerabilities and adversarial tactics aimed at compromising the information they hold dear. The data entrusted to organizations in support of government contracts is of great value to those with malicious intent. While compliance with NIST SP 800-171 may be compulsory for your government contract, it also supports business goals for operational security and risk management.


NIST SP 800-171 Control Families – Overview

For non-governmental organizations that do, or hope to do, business with the U.S. government, careful consideration must be given to whether controlled unclassified information is part of the specified contract work. Controlled unclassified information (CUI) is sensitive in nature and is restricted from public distribution. This is not classified information, but rather products or by-products of government contract work that have been deemed to deserve additional protections.


VPN for Business is more than just a VPN

For small businesses involved in contracts with the Federal Government or Department of Defense and needing to comply with security requirements for the protection of controlled unclassified information (CUI), security for your network connections may be a cause of concern.

Control 3.1.17: “Protect wireless access using authentication and encryption.” – National Institute for Science and Technology Special Publication 800-171 Revision 1, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.


World Backup Day and NIST SP 800-171

Backups and Archiving

World Backup Day is March 31st – a whole day to help remind us to ensure our valuable information is properly protected and available should the need arise. Obviously, valid backup and recovery is a foundational component of incident response and information security. An incident could be a system malfunction, user error or adversarial maliciousness.


NIST SP 800-171 and DFARS Clause 7012

New Cyber Security Regulations

For small businesses planning to do business with the U.S. Government and Department of Defense, new cyber security and incident reporting rules will apply. The rules can impact your contract work and the data sent, received or created as part of those efforts. These rules are primarily codified in the National Institute for Science and Technology Special Publication 800-171 Privacy Controls for Federal Information Systems and Organizations and Clause 252.204-7012 to the Defense Federal Acquisition Regulation Supplement.


Email Security and NIST SP 800-171 Compliance

Like most everyone else, we use email services daily in our small business activities. From general announcements to document and file sharing, email is ubiquitous. Adversaries have long known this fact as well, as evidenced by the amount of spam and malicious email we see in our inboxes. In fact, worldwide, more than half of the email we receive can be attributed to unwanted spam, advertising or phishing. Phishing, of course, is one of the most concerning, as senders attempt to extract important information or credentials from victims.
