Protect sensitive data with NIST SP 800-53

Its mission matters for all of us. Working to enhance economic security and improve our quality of life, the National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Department of Commerce. To help federal agencies implement the Federal Information Security Modernization Act of 2014 (FISMA), NIST develops and publishes standards and […]
Bake Resilience In with NIST 800-53 Maintenance

For the public and private sectors, the National Institute of Standards and Technology (NIST) is an essential resource. NIST SP 800-53 is considered the foremost set of cybersecurity guidelines for federal information security. Every U.S. federal government agency and some contractors are required to comply with the NIST 800-53 framework to ensure sensitive data is protected. To help […]
Vulnerability scans: an essential tool for multilayer security in NIST 800-171

Sound cyber security takes diligence across all fronts, especially when the focus is on protecting Controlled Unclassified Information (CUI). NIST published special guidance in NIST SP 800-171 to protect confidentiality and establish standards for protecting sensitive federal data used in non-federal information systems. Defense contractors with access to CUI in the performance of their federal […]
CISSP NIST Certification Is an Asset

Cybersecurity is a business imperative today. As risks rise, so does the value of certification for security professionals. A Certified Information Systems Security Professional (CISSP) is the gold standard today. While many organizations value the certification, many more require it. CISSP is often the baseline for career progression in large organizations, including the federal government. […]
Guidance on NIST 800-171 log retention

Keeping security logs is a balance between wanting to have documentation if it’s needed and keeping way too much for too long. Fortunately, we have some guidance that considers best-practices security without the need to build your own data center to house the logs. What is log retention? Log files are detailed, text-based records of […]
Benefits of the NIST Cybersecurity Framework (CSF)

Building a robust cybersecurity program is often difficult for any organization, regardless of size. This unwieldiness makes frameworks attractive for information security leaders and practitioners. The NIST Cybersecurity Framework (CSF) is the top choice of many organizations. See why it should be a cornerstone for your cybersecurity plans. Benefits of the NIST CSF you need […]
Split Tunneling and NIST 800-171

What is split tunneling in cyber security? Split tunneling is often bandied about in cybersecurity. What does it really mean? Split tunneling diverts some data through an encrypted VPN connection while allowing other apps and data to have direct access to the Internet. That’s relevant for remote access-type VPNs (like those used for working from […]
NIST 800-171 Compliance: What you need to know

What is NIST 800-171 Compliance? The National Institute of Standards and Technology (NIST) is the U.S. federal agency tasked with the development and use of cybersecurity standards for sensitive federal government information stored or handled by the federal government, third parties, partners, and contractors. The agency published the NIST 800-171 document to give federal partners […]
NIST vs ISO: Which one is right for your organization?

Choosing a cybersecurity framework can feel overwhelming to organizations that haven’t yet begun the hard work to make their organization more secure. What seasoned organizations would tell their colleagues is this: Putting rigorous, best practice security controls in place allows you to meet any set of industry standards you want or need. In this article, […]
The Cyber AB: What you need to know now

Doing business with the U.S. Department of Defense (DoD) in the cyber realm is essential to national security. So is mitigating risk across the Defense Industrial Base (DIB), fueled by a vast supply chain and contractor support infrastructure. To counter digital risks, the DoD established the Cybersecurity Maturity Model Certification (CMMC). It is one of […]