Cyber Security Archives - Assured Bridge

Posted on May 14, 2019May 21, 2019 by Dan Bjorklund

Information System Maintenance and Compliance for CUI Protection

Maintenance Required

If you’re a small business working on a government contract that includes requirements for protection of controlled unclassified information CUI, it’s important to remember that remaining compliant is a continuous process. National Institute of Standards and Technology Special Publication 800-171 contains the guidelines for establishing and maintaining the required security processes and controls inherent in many contract terms. These requirements include maintaining and updating the systems used in support of the contract efforts.

Posted on April 16, 2019May 7, 2019 by Dan Bjorklund

Credential Stuffing and NIST SP 800-171

Businesses face a growing number of vulnerabilities and adversarial tactics aimed at compromising the information they hold dear. The data entrusted to organizations in support of government contracts is of great value to those with malicious intent. While compliance with NIST SP 800-171 may be compulsory for your government contract, it also supports business goals for operational security and risk management.

Posted on April 9, 2019May 7, 2019 by Dan Bjorklund

NIST SP 800-171 Control Families – Overview

For non-governmental organizations that do, or hope to do, business with the U.S. government, careful consideration must be given to whether controlled unclassified information is part of the specified contract work. Controlled unclassified information (CUI) is sensitive in nature and is restricted from public distribution. This is not classified information, rather products or by-products of contract government work that has been deemed to deserve additional protections.

Posted on April 2, 2019May 7, 2019 by Dan Bjorklund

VPN for Business is more than just a VPN

For small businesses involved in contracts with the Federal Government or Department of Defense, compliance with security requirements for the protection of controlled unclassified information (CUI), security for your network connections may be a cause of concern.

Control 3.1.17 “Protect wireless access using authentication and encryption.” – National Institute for Science and Technology Special Publication 800-171 Revision 1 Protecting Controlled Unclassified. Information in Nonfederal Information Systems and Organizations.

Posted on March 21, 2019May 7, 2019 by Dan Bjorklund

World Backup Day and NIST SP 800-171

Backups and Archiving

World Backup Day is March 31^st – a whole day to help remind us to ensure our valuable information is properly protected and available should the need arise. Obviously, valid backup and recovery is a foundational component of incident response and information security. An incident could be a system malfunction, user error or adversarial maliciousness.

Posted on March 18, 2019May 9, 2019 by Dan Bjorklund

NIST SP 800-171 and DFARS Clause 7012

New Cyber Security Regulations

For small businesses planning to business with the U.S. Government and Department of Defense, new cyber security and incident reporting rules will apply. The rules can impact your contract work and the data sent, received or created as part of those efforts. These rules are primarily codified in the National Institute for Science and Technology Special Publication 800-171 Privacy Controls for Federal Information Systems and Organizations and Clause 252.204-7012 to the Defense Federal Acquisition Regulation Supplement.

Posted on March 14, 2019May 7, 2019 by Dan Bjorklund

Email Security and NIST SP 800-171 Compliance

Like most everyone else, we use email services daily in our small business activities. From general announcements to document and file sharing, email is ubiquitous. Adversaries have long known this fact as well and is evidenced by the amount of spam and malicious email we see in our inboxes. In fact, worldwide, more than half of the email we receive can be attributed to unwanted spam, advertising or phishing. Phishing, of course, being one of the most concerning as senders attempt to extract important information or credentials from victims.