We are following the news of recently published vulnerabilities in Intel CPU architectures. These vulnerabilities are known as microarchitecture data sampling (MDS) flaws, with implementations variously called Zombieload, RIDL, and Fallout. They are related to the previously published Spectre and Meltdown flaws.
Continue reading Microarchitecture Data Sampling (MDS) – Zombieload
For non-governmental organizations that do, or hope to do, business with the U.S. government, careful consideration must be given to whether controlled unclassified information is part of the specified contract work. Controlled unclassified information (CUI) is sensitive in nature and is restricted from public distribution. This is not classified information, but rather products or by-products of contract government work that have been deemed to deserve additional protections.
Continue reading NIST SP 800-171 Control Families – Overview
For small businesses involved in contracts with the Federal Government or Department of Defense that must comply with security requirements for the protection of controlled unclassified information (CUI), security for your network connections may be a cause of concern.
Control 3.1.17 “Protect wireless access using authentication and encryption.” – National Institute for Science and Technology Special Publication 800-171 Revision 1, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.
Continue reading VPN for Business is more than just a VPN
Like most everyone else, we use email services daily in our small business activities. From general announcements to document and file sharing, email is ubiquitous. Adversaries have long known this fact as well, as evidenced by the amount of spam and malicious email we see in our inboxes. In fact, worldwide, more than half of the email we receive can be attributed to unwanted spam, advertising or phishing. Phishing, of course, is one of the most concerning, as senders attempt to extract important information or credentials from victims.
Continue reading Email Security and NIST SP 800-171 Compliance