Business Operating Policies Enable Compliance

Compliance with the security controls described in NIST SP 800-171 Revision 1 and DFARS Clause 252.204-7012 is required for organizations doing business with the U.S. Federal Government that involves the transfer, storage and processing of controlled unclassified information (CUI) and/or covered defense information (CDI).

Microarchitecture Data Sampling (MDS) – Zombieload

Vulnerability

We are following the news of recently published vulnerabilities in Intel CPU architectures. These vulnerabilities are known as microarchitecture data sampling (MDS) flaws, with implementations variously called Zombieload, RIDL, and Fallout. These vulnerabilities are related to the previously published Spectre and Meltdown flaws.

NIST SP 800-171 Control Families – Overview

For non-governmental organizations that do, or hope to do, business with the U.S. government, careful consideration must be given to whether controlled unclassified information is part of the specified contract work. Controlled unclassified information (CUI) is sensitive in nature and is restricted from public distribution. This is not classified information; rather, it consists of products or by-products of contract government work that have been deemed to deserve additional protections.

VPN for Business is more than just a VPN

For small businesses involved in contracts with the Federal Government or Department of Defense that must comply with security requirements for the protection of controlled unclassified information (CUI), security for your network connections may be a cause of concern.

Control 3.1.17 “Protect wireless access using authentication and encryption.” – National Institute for Science and Technology Special Publication 800-171 Revision 1, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.

Email Security and NIST SP 800-171 Compliance

Like most everyone else, we use email services daily in our small business activities. From general announcements to document and file sharing, email is ubiquitous. Adversaries have long known this as well, as evidenced by the amount of spam and malicious email we see in our inboxes. In fact, worldwide, more than half of the email we receive can be attributed to unwanted spam, advertising or phishing. Phishing, of course, is one of the most concerning, as senders attempt to extract important information or credentials from victims.
