• Have you Google Hacked Your Site Yet?

    Sometimes organizations store files on their web sites that they believe are not accessible to the general public.  As part of ongoing vulnerability scanning and pen testing it is also good to add Google Hacking to your tool box.  Google Hacking involves using the Google search engine to identify vulnerabilities in websites.  A multitude of ... Read More →

  • Classical FISMA versus the Risk Management Framework System Categorization and Control Selection

    System categorization and control selection is a key component of FISMA which can greatly impact the level of effort.   Depending on whether you are using the classic FISMA approach or the Risk Management Framework it is critical you get it right.  The following discusses this process under both scenarios. System categorization is the process of ... Read More →

  • The Latest News On NIST 800-53 Revision 5

    As always, we like to keep you up to date on the latest federal government security requirements. The planned release of NIST 800-53 Revision 5 Security and Privacy Controls for Systems and Organizations has been delayed and is still in internal review. The key objectives of this standard are to provide a comprehensive set of ... Read More →

  • FISMA Versus FedRAMP: A Brief Overview

    Recently, several of our clients have inquired about upgrading their FISMA compliant applications to be FedRAMP compliant. This would enable them to offer their products in a hosted environment. Therefore, we offer this blog which will discuss at a high level the differences in both processes and the actual controls required to become FISMA vs. ... Read More →

  • Proposed NIST Revision 5 Changes

    NIST has reviewed input from a number of organizations and business and has published some of their proposed changes for Revision 5. The good news is that these changes do not impact the actual security controls, and organizations would not be required to make updates to security documentation including the System Security Plan, outside of ... Read More →