The Pentagon issued the final standards under the Cybersecurity Maturity Model Certification (CMMC) on Friday. Version 1.0 marks the first step towards implementing the new cybersecurity standards into all Department of Defense contracts.   The model, consisting of five levels of security standards, will be phased into requests for information starting this summer. The vast majority of contractors that […]

The Cybersecurity Maturity Model Certification (CMMC) Draft Version 0.7 is live and available here. Version 0.7 includes Level 4-5 practices and modifies some maturity processes and Level 1-3 practices. This draft is another step closer to the final version — CMMC 1.0. The CMMC will be a new contractual requirement for all DoD contractors.  The […]

The Cybersecurity Maturity Model Certification (CMMC) Draft Version 0.6 is live and available here. Draft version 0.6 includes CMMC Levels 1 – 3. Of note, “CMMC Levels 4-5 are not included in this release because public comments are still being addressed.” The updates to CMMC Levels 4 – 5 are expected to be provided in […]

The Department of Defense will publish the second draft of its newly created Cybersecurity Maturity Model Certification early next month. Undersecretary for Acquisition and Sustainment Ellen Lord said in a press conference that version 0.6 of the CMMC will be released for comment the first week of November. “We are looking to roll CMMC out […]

One of the features that helps ensure ITAR compliance within the cloud is known as Information Rights Management (IRM). IRM is a tool by which Controlled Unclassified Information (CUI) and other confidential or sensitive information are protected in a variety of ways. You may be familiar with Digital Rights Management (DRM), which is integrated within […]

The Department of Defense has issued long-awaited cybersecurity standards in draft form for contractors who work with the Pentagon’s sensitive data. Version 0.4 of the Cybersecurity Maturity Model Certification (CMMC) is now live, giving contractors a glimpse into the sort of cybersecurity standards they will need to meet if they want to work on contracts that handle controlled […]

When it comes to industry regulations like ITAR and DFARS, the need for Secure Messaging is at the forefront of reaching and maintaining compliance. For the layman, Secure Messaging relies on a server-based approach that utilizes encryption standards. When a file or email is encrypted, it can only be read by someone who has the […]

Following rules of engagement is a common concept, but knowing the rules — and whether they really apply to one’s own business — is not always a common condition. The federal market can be especially confusing for smaller companies that may be delivering similar products or services to both civilian and military/defense/aerospace agencies. If you […]

Defense contractors will face big changes and tight timelines over the next year as the Department of Defense rolls out its new Cybersecurity Maturity Model Certification framework, experts say. The framework, which aims to certify a company’s compliance with federal cybersecurity regulations around controlled unclassified information (CUI), was announced by DOD officials in June. It […]

It’s tough for small-to-medium businesses (SMBs) to feel cyber-secure when there are newsworthy breaches that have hit major, household-name companies, affecting millions of customer records. Equifax (148 million customer records), JPMorgan Chase (83 million), Marriott International (500 million), Target (110 million), and Yahoo (3 billion) are just a few examples. The situation for SMBs is […]

A decade’s collection of data breaches shows a bleak picture with billions of records exposed in this type of incidents and financial damages of more than $1.6 trillion. Data collected from public sources reveal that since 2008 there were close to 9,700 breach events in the U.S., involving more than 10.7 billion records, with an […]

When it comes to Controlled Unclassified Information (CUI) compliance, data encryption is always at the forefront of the conversation. Today, leading edge features require a high level of security when information is both in-transit and at rest. Let’s begin with a little bit of history on the topic. In 2001, the National Institute of Standards […]

For large organizations with deep pockets, an information security breach is an expensive and embarrassing debacle whose ramifications can last years. But for small and medium-sized businesses (SMBs), a severe incident could mean the end of their business entirely. Centered around people, processes and technology, there are steps organizations of any size can and should […]

The International Traffic in Arms Regulation (ITAR) is an established authoritative and mandatory list of compliance guidelines. These guidelines are set by the State Department’s Directorate of Defense Trade Controls “DDTC”. It is particularly stringent with companies that export products or information outside the United States. These protocols that the DDTC provides can be complicated, […]

BALTIMORE — A Maryland congressman said on Friday that the National Security Agency had denied that one of its hacking tools, stolen in 2017, was used in a ransomware attack on Baltimore’s government that had disrupted city services for more than three weeks. The statement, made by Representative C.A. Dutch Ruppersberger, came in response to an […]

Tech support scams have always been a problem, but they typically were located on small web hosting services throughout the world. Researchers have now observed these scams increasingly moving towards the Microsoft Azure cloud platform for ease of deployment and inexpensive web hosting. Microsoft Azure has a feature called App Services that allows you to quickly and easily […]

Understanding the role of HR and security in protecting sensitive data The human resources department is one of the crown jewels of any organization, housing some of the most sensitive and private information. Cybercriminals frequently target HR with the goal of collecting financial and personal identifiable information—think social security numbers, dates of birth, bank detail […]

When evaluating a secure data room cloud computing vendor, trust is a very important and crucial prerequisite apart from the evident need of a company’s data being in safe hands. Maintaining a culture of risk-based security innovations, keeping up with trends that emerge from new cyber threats and making sure you are in control of […]

Running a business without adequate data security is a massive risk. Crippling data breaches are increasingly common and no business is immune. In 2018, Dubai’s fastest growing startup –Careem– was hit by a cyberattack affecting 14 million users. SMEs are especially vulnerable to attack. Without adequate information and network security you risk damaging your profits and reputation. […]

Spring is here, which means it’s time for spring cleaning. This year, in addition to tidying up the office and sprucing up your operations, make sure you keep digital spring cleaning in mind. After all, a data breach can not only potentially harm your customers, but it can result in a severe loss of trust in […]

Enterprise VPN applications developed by Palo Alto Networks, Pulse Secure, Cisco, and F5 Networks are storing authentication and session cookies insecurely according to a DHS/CISA alert and a vulnerability note issued by CERT/CC, potentially allowing attackers to bypass authentication. As detailed in the Common Weakness Enumeration database in CWE-311, the fact that an app fails to “encrypt […]

Before we begin, let’s take a second to explore the world of ‘watermarking’. Most people are familiar with watermarks— they show up on banknotes, checks, stamps. Others are familiar with the ones that appear in pictures or music. These are the types that are obviously or invisibly embedded in photos, videos and music to prove […]

In what the Federal Emergency Management Agency (FEMA) has acknowledged is a “major privacy incident,” nearly 2.5 million U.S. disaster survivors had their personal information shared with a third-party contractor responsible for setting up temporary housing. This data breach represents a violation of the Privacy Act of 1974 as well as official policy of the […]

What exactly is an audit trail?  To be considered ITAR compliant, the US Government requires the implementation of a program that involves detailed tracking and monitoring of technical data. This is a particularly rigid aspect of ITAR because having a thorough log that shows how the sensitive-data was accessed is crucial to the protection of […]

One of the biggest challenges that IT professionals face today is the ever more urgent need for tight security. Services struggle to keep up with an increasingly globalized network of clients, customers, and stakeholders, and with this challenge comes a risk of data breach. With some very high profile data breaches in recent years, the […]