What is the Difference Between CMMC, DFARS, and NIST 800-171?

Posted by IMEC on Sep 15, 2020 11:47:13 AM

This is an original post by Roisin Coleman of Alpine Security.

Without Cybersecurity Maturity Model Certification (CMMC) compliance, a contractor will be barred from all future Department of Defense (DoD) contracts. The CMMC officially launched in January 2020, building upon the DFARS and NIST 800-171 standards with additional requirements for vendors working with the DoD. Understanding CMMC and how it differs from DFARS and NIST 800-171 is crucial to the current and future success of government contractors.


Cybersecurity Common Sense is Not Always Common Practice

Posted by IMEC on Sep 14, 2020 2:12:03 PM

This is an original post by Christian Espinosa, CEO/Founder of Alpine Security.


Internal Penetration Test vs Vulnerability Assessment: Which is Right for You?

Posted by IMEC on Aug 31, 2020 1:40:04 PM

An original article from Alpine Security.

Introduction

Many organizations ask us to perform an internal penetration test against their internal environment (inside the firewall). They may have heard that this is a good thing to do or think it is required for compliance. The reality is that very few organizations are mature enough to need an internal penetration test. An internal vulnerability assessment usually provides a better ROI. This post explains the main differences between an internal network penetration test and an internal vulnerability assessment. The intent of the article is to help you make an informed decision on which is best for you.


Mitigating Risk in Virtual World

Posted by Ken Wunderlich on Mar 26, 2020 8:39:40 AM

Every organization has some level of risk that can impact the organization. Regardless of whether you have a formal quality management system or must meet regimented regulations, leadership, as well as additional stakeholders, have a particularly vested interest in identifying and planning for all potential risks to an organization. The National Institute of Standards and Technology (NIST) has created a guide for conducting risk assessments. Regardless of the technology, the establishment of a standard approach is key.


Mitigating Cybersecurity Risks During a Crisis

Posted by Hanoz Umrigar on Mar 25, 2020 9:11:17 AM

IT / OT Infrastructure, Digital Information and IoT devices

With the spread of COVID-19, new challenges and opportunities will arise for keeping your business safe from cybersecurity threats. As the government and businesses work on mitigating the impact of the ongoing outbreak, social distancing measures are leading to an increase in remote working across all sectors. The immediate challenge is “how can I protect my digital assets from a cyber-attack?” Some key vulnerabilities to a cyberattack are Information Technology / Operational Technology (IT / OT) infrastructure, digital information and Internet of Things (IoT) devices.


Pandemic in Cyberspace – Are You Prepared?

Posted by Jim Floyd on Mar 24, 2020 9:03:59 AM

As the world weathers the COVID-19 virus pandemic, we are faced with posturing for such and protecting / helping ourselves, family, friends, co-workers and members of our greater communities; but a procrastination of sorts -- coupled with a distrust / disbelief that this will impact me (downplaying the magnitude of such) and not knowing what we don’t know, exponentially raises the risk of infection and serious health consequences coming to bear.


Telework Security Basics

Posted by IMEC on Mar 20, 2020 12:15:57 PM

This is an original NIST Cybersecurity Insights blog post, written by Jeff Greene.

Your employer has unexpectedly directed you to telework—and you are feeling overwhelmed. With many changes happening at once, telework security could be an afterthought or completely overlooked. This could put you and your organization at increased risk from attackers, who are always looking for opportunities to take advantage of disruption generally and weak security practices specifically. But it’s more than your organization at risk—if your telework device is compromised, anything else connected to your home network could be at risk too.


Preventing Eavesdropping and Protecting Privacy on Virtual Meetings

Posted by IMEC on Mar 19, 2020 1:29:06 PM

This is an original NIST Cybersecurity Insights blog post, written by Jeff Greene.

Conference calls and web meetings—virtual meetings—are a constant of modern work. And while many of us have become security-conscious in our online interactions, virtual meeting security is often an afterthought, at most. Who hasn’t been finishing one call when attendees of the next call start joining – because the access code is the same? In the moment it may be annoying, or even humorous, but imagine if you were discussing sensitive corporate (or personal) information. Unfortunately, if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop. Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively – and not the genesis of a data breach or other embarrassing and costly security or privacy incident.


20 Cybersecurity Statistics Manufacturers Can’t Ignore

Posted by IMEC on Mar 6, 2020 2:01:05 PM

This is an original article from NIST Manufacturing Innovation Blog.

Cybersecurity threats are a huge business risk for all companies. Small and medium-sized businesses (SMBs) — including manufacturers — are especially vulnerable to attacks. Small and medium-sized manufacturers (SMMs) are often seen as an easy entry point — a “soft” target — into larger businesses and government agencies. One of the first steps when prioritizing how to manage your business risk is to gather information about the threat environment. The 20 important (and shocking) cybersecurity statistics listed below focus on what manufacturers need to know about the “what” and “so what” of cybersecurity, so they can start planning their “now what” actions.


Cybersecurity Maturity Model Certification (CMMC) Version 1.0 Released

Posted by IMEC on Feb 13, 2020 11:01:29 AM

With the release of version 1.0 of the CMMC framework, the DoD will begin to include these certification requirements in new DoD solicitations, beginning in the fall of 2020.

The infographic below provides a high-level look at what the Cybersecurity Maturity Model Certification (CMMC) means for DoD contractors. It offers steps contractors can take to prepare for CMMC, important dates and descriptions of practices and processes required to achieve each of the 5 levels of CMMC certification.
