What is NIST SP 800-171 and What Role Does it Play in Defense Contracting Compliance?

The document library of the NIST website can be daunting and seemingly endless in terms of the various frameworks, controls and requirements that it provides. The 800 series, in particular, while important and, in many cases, necessary, is also hard to penetrate if you don't already have some knowledge of what it contains. This can pose a challenge for organizations working with the DoD supply chain, especially those handling classified or sensitive material.

In this article, we'll cover one of these publications: NIST 800-171. This document defines security for a specific form of government information that many contractors under the executive or defense departments handle: CUI. While important on its own, this document also informs several important security frameworks, namely CMMC.

 

How to Recognize and Address Insider Threats

According to federal prosecutors with the U.S. Navy, veteran Jonathan Toebbe, alongside his wife Diana Toebbe, attempted to sell sensitive information regarding Virginia-class submarines. This wouldn't be the first time an insider threat led to a potential leak of crucial military information, but the fact that it happened in 2021 indicates that mitigating insider threats is still a vital issue.

This news should make it abundantly clear that insider threats are still a significant problem in modern cybersecurity. Here we'll discuss what insider threats are and what you can do to reduce or mitigate the dangers of these threats for your organization.

What Are Red Team Exercises and What Part Do They Play in Cybersecurity?

Penetration testing is an increasingly common part of cybersecurity and compliance regulations. The truth is that in many cases, the best way to get to the root of IT vulnerabilities in a system is to expose them to controlled but realistic attack scenarios that probe every interaction and connection in that system. In many cases, organizations will take penetration testing one step further and use what has been called red team testing.

Here we’ll discuss the difference between typical pen testing and red team exercises, how red team testing can help you better understand your security risks, and why that’s important for your organization’s compliance efforts. 
