• The Deadline for SP 800-171 Has Come and Gone: What to Know and Do If You Missed It

    For government contractors who deal with Controlled Unclassified Information (CUI), the deadline for compliance with DFARS 252.204.7012/NIST SP 800-171 came and went on December 31, 2017.  Did you make it? The purpose of 800-171 is basically two-fold: To ensure that those who handle CUI have in place standardized security procedures, allowing the government to assess ... Read More →

  • NIST 800-53 Rev 5 Update

    Winter is Coming Reminder:  The planned winter release of NIST 800-53 Revision 5 Security and Privacy Controls for Systems and Organizations now has a date and it is December 27, 2018. The draft version is available at https://csrc.nist.gov/News/2017/NIST-Release-First-Draft-SP-800-53-Rev-5 and the last public draft for final review is out on September 14, 2018. We recommended that you start reviewing ... Read More →

  • Compliance for Small Businesses

    Compliance for Small Businesses The security compliance burden is increasing for all businesses. This is driven by continuing and high-publicized security incidents such as the recent Equifax disclosure. The cost of compliance is especially onerous for small businesses that do not have the resources to meet these increasing security controls, not to mention the maintenance ... Read More →

  • Your Supply Chain Security Deadline is Looming

    If your organization has a contract with DoD and that contract contains the DFARS 252.239-7018 clause you have until 31 December of this year to implement the requirements specified in NIST Special Publication 800-161. What is driving this emphasis on supply chain security? An increasing trend in cyber-attacks on DoD contractors via the supply chain. ... Read More →

  • The Evolution of Continuous Monitoring

    When organizations first started efforts towards FISMA compliance, the requirement of Continuous Monitoring (CM) was interpreted at a high level. To most organizations, CM meant conducting quarterly risk assessments, periodic vulnerability scanning, and annual FISMA assessments. However, with the emergence of cloud computing and FedRAMP, CM began to be viewed as a more vital component ... Read More →