CMMC 2.0, NIST, and Risk Management

CMMC risk featured

Cyber threats continue to grow in complexity and sophistication. To address this evolution, the Department of Defense has introduced the Cybersecurity Maturity Model Certification (CMMC) 2.0 to ensure that defense contractors maintain robust cybersecurity practices to protect Controlled Unclassified Information (CUI). 

To address one of the most important processes in modern security (risk management), CMMC 2.0 includes some risk assessment requirements. 

This article will explore risk management’s vital role in achieving CMMC 2.0 compliance and its connection to the National Institute of Standards and Technology (NIST) guidelines, specifically NIST SP 800-171. We will delve into the various control families of NIST 800-171 and 800-172, their impact on risk management, and the steps organizations can take to address potential risks effectively.

Read More

What Is OCTAVE and OCTAVE Allegro?

OCTAVE allegro featured

The importance of risk management cannot be overstated… and yet, many enterprises struggle with the practice due to a lack of standardization or expertise. And while the challenges that businesses face implementing risk management are understandable, they are no longer acceptable. 

This article will provide an in-depth overview of OCTAVE Allegro, a framework developed to help small and mid-sized businesses effectively approach risk management. Whether you are an IT professional, security analyst, or business owner, understanding the capabilities of OCTAVE Allegro can help you better protect your organization from cyber threats.

 

Read More

What Is ISO 27017 and How Does it Inform Cloud Security?

ISO 27017 featured

As cloud computing continues gaining popularity, organizations increasingly turn to cloud services to store and process their data. However, with this increased reliance on cloud services comes a heightened risk of data breaches and cyber attacks, making cloud security a critical concern for businesses of all sizes.

To address these concerns, the International Organization for Standardization (ISO) has published a code of practice for information security controls for cloud services–ISO 27017. This standard provides guidelines and general principles for securing cloud-based systems and protecting against potential security threats.

This article will explore the critical components of ISO 27017 and their importance in securing cloud-based systems. We will also discuss some of the best practices for implementing ISO 27017 in your organization and the benefits that it can provide. Finally, we will examine some challenges organizations may face when implementing ISO 27017 and guide them on overcoming them.

 

Read More