Controlled Unclassified Information: A Basic Introduction to CUI

Blue digital padlock

We’ve written extensively about CMMC and NIST Special Publication 800-171, which cover the handling and protection of Controlled Unclassified Information (CUI). But what is CUI? How is it created, and why is it so important to protect?

Here, we’re digging into CUI and why it’s integral to significant cybersecurity frameworks in the federal marketplace. 

 

Read More

CAVP, FIPS, and Securing Cryptography Systems

digital key image

Most security standards, including government standards, require cryptography. We are generally familiar with implementing a cryptographic algorithm that meets these requirements and calling it a day. However, to ensure security, NIST also publishes standards for validating encryption modules to ensure they serve their purpose under federal standards. 

Here, we’re discussing the Cryptographic Algorithm Validation Program and its relationship to closely related standards and programs, such as Federal Information Processing Standards and the National Voluntary Laboratory Accreditation Program. 

 

Read More

NIAP and Protection Profiles

IT security in the federal market is layered and multifaceted. Specific requirements exist for different types of data platforms and technologies. At a more granular level, standards have been developed for individual IT products: NIAP Protection Profiles.

This article will cover why these profiles are essential for federal security, how to find them, and what to do if there isn’t an available profile to follow. 

 

Read More