Note: This is unrelated to Microsoft’s announcement of security patches for other similar vulnerabilities on April 13, 2021. THERE ARE NO MORE RULES Today we are going to talk about what happens when you do not address security problems in your private Information Systems (IS): the systems that you as an individual, or as an […]
There are five types of clouds: Cumulus, Cirrus, Stratus, and Nimbus. Oh, and that computer thing. You know “THE Cloud”. Or, as it is often referred to, the Clowd – a combination of the words Clown and Cloud. See what they did there? What Exactly Is “The Cloud”? Essentially, a ‘Cloud’ is a system for […]
Well, it finally happened. Despite all your efforts in security awareness training and the latest in hardware and software technology, somehow something bad happened: You got breached. Do not freak out or feel too bad. So, what to do? What CAN you do? What SHOULD you do, and what should you NOT do? WHY DO […]
Step 1. Admit You Have A Problem. If you want to play with the big boys – or at least the Department of Defense (DoD) – you need to realize that there are going to be some rules and regulations that you will need to follow. But you don’t want to do this? OK. Take your […]
Today’s article in the Wall Street Journal titled Hacker Group Says It Accessed Tesla’s, Others’ Internal Video-Surveillance Feeds reminds us of the increasing cybersecurity risks to businesses of video conferencing. RegDOX’s whitepaper on CUI and the Risk of Third-Party Sharing Apps addressed this risk and proposed some steps companies can take to protect their confidential […]
The basic federal requirements for safeguarding Controlled Unclassified Information (CUI) in nonfederal systems have relied for some time now on the 110 controls within NIST SP 800-171 rev.2 (February 2020). The National Institute of Standards and Technology (NIST), in response to advanced persistent cybersecurity threats, has now released an important supplement to SP 800-171 designated […]
The Office of the Under Secretary of Defense for Acquisition and Sustainment has released a formal instruction on cybersecurity for acquisition authorities and program managers that was effective on December 31, 2020. This document is referred to as DoD Instruction 5000.90 and can be found here. DoDI 5000.90 supersedes portions of the July 2020 issued […]
RegDOX provides a specialized, secure file sharing application that is hosted on Amazon’s AWS GovCloud and meets or exceeds all DoD requirements, including NIST SP 800-171a, CC SRG Impact Level 4[1], and the FedRAMP Moderate Baseline. RegDOX will assist in every way we can with any cyber incident reporting, including immediately responding to and tracking […]
Before evaluating a build versus buy discussion for any commercially available software or cloud application, the discussion should begin with the question “what exactly is the need?” In other words, “what is the use case for the solution?” When the use case is compliance with a set of complicated and demanding regulations and cybersecurity standards, […]
On September 29, 2020, the Department of Defense’s Defense Federal Acquisition Regulations Supplement (DFARS) agency issued an interim rule on Cybersecurity Maturity Model Certification (CMMC) implementation, per DFARS 252.204-7012. The rule is designed to clarify confusion about the integration of the CMMC framework, which has been a topic of concern to many people and businesses that […]