NIST SP 800-172 (Formerly SP 800-171B) Release Couldn’t Come at a Better Time

NIST’s timely new release of Special Publication (SP) 800-172 (formerly referred to in draft form as 800-171B) provides exactly what its title says, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST…

Notable Enhancements to the New Version of NIST SP 800-53

As an infosec professional, you’ve likely heard of the National Institute of Standards and Technology (NIST). If you are unfamiliar with NIST, it is an organization that produces many publications including the well-respected Special Publication SP 800…

Cybersecurity Maturity Model Certification (CMMC) and Why You Should Care

The U.S. Department of Defense released the first version of the Cybersecurity Maturity Model Certification (CMMC) back on January 31, 2020. Since that time, there has been a flurry of different industry experts working towards helping clients understa…

Building on the IAM Benefits of SSO with MFA and Privileged Access Management

In part one of this post, we talked about why identity access management (IAM) is important. In that discussion, we identified three types of IAM: Single Sign On, Multi-Factor Authentication, and Privileged Access Management. We discussed the different …

Understanding Single Sign On as a Means of Identity Access Management

I usually spend my mornings doing some reading and enjoying my coffee. On this one particular morning, I noticed that I had received an email from a gaming company I had created an account with around 10 years ago for my kids. They had sent me a code t…

Revisiting the Risk Management Framework in Light of Revision 2

It doesn’t seem very long ago that I was writing about the newly released Risk Management Framework (RMF) and explaining the value of NIST SP 800-37 to our clients. With RMF Revision 2 just recently published in December of 2018, I thought it wou…

Death, Taxes and Compliance Updates – An Update to NIST 800-171

New updates to compliance requirements are as regular as the rising and setting of the sun. Recently, the National Institute of Standards and Technology (NIST) released an update to NIST SP 800-171, now known as SP 800-171A. The purpose of this release…

Log Management for Government Agencies: What You Need to Know

Without a doubt, log management should be part of the core of any IT security platform of a government agency. It has a role in not only security but also in operations and compliance requirements. Logging can provide situational awareness of things ha…

General Services Administration (GSA) Pointing to New IT Security Rules for Contractors

On January 12, 2018, GSA (General Services Administration) posted a request for public comment regarding updates to the General Services Administration Acquisition Regulation that will include new cybersecurity compliance and reporting requirements for…

How to Apply the Risk Management Framework (RMF)

What is the Risk Management Framework? The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,…