What is FIPS 140-2? Federal Information Processing Standards Publication 140-2 is a standard for the cryptographic modules used in software and hardware to protect sensitive data. The key difference between FIPS-validated modules and others is the rigorous testing and verification process they undergo. This process can take years, ensuring these modules meet strict security protocols....
Author: Jillian Wright
The CrowdStrike Outage: Risk Assessments & Single Points of Failure
On July 19, 2024, what should have been a routine update meant to improve CrowdStrike’s Falcon Sensor software ended up causing chaos. Instead of enhancing the endpoint detection and response system, the update resulted in Windows computers crashing spectacularly, displaying the dreaded “Blue Screen of Death.” This caused disruptions across the globe and across industries...
VerySecure UAV’s On-Site CMMC Assessment – Physical Security & related domains
Disclaimer: This story is entirely fictional. Any resemblance to actual persons, living or dead, or actual events, or actual companies is purely coincidental and unintended. The characters, companies, and events portrayed are purely a work of fiction. Jil Wright, a Certified CMMC Assessor, has provided this narrative to offer organizations seeking certification an example of what...
CMMC Assessment – SI Domain – MakeBelieve Manufacturing
Disclaimer: This story is entirely fictional. Any resemblance to actual persons, living or dead, or actual events, or actual companies is purely coincidental and unintended. The characters, companies, and events portrayed are purely a work of fiction. Jil Wright, a Certified CMMC Assessor, has provided this narrative to offer organizations seeking certification an example of what...
Baseline Configurations: The First Step in Configuration Management
The Configuration Management (CM) domain in NIST SP 800-171 requires organizations to create and maintain baseline configurations and inventories for all their systems that include hardware, software, firmware, and documentation. Think of baseline configurations like a snapshot, capturing the ideal system setup. Documenting a system’s desired state and practicing effective configuration and change management are crucial...
Multi-factor Authentication (MFA) and How to Thwart Bypass Attacks
Multi-Factor Authentication (MFA) significantly strengthens security for businesses and individuals by adding extra layers of verification before granting access to accounts or devices. Instead of relying on just one factor like a password, MFA requires two or more factors. This makes it much harder for attackers to gain unauthorized access. Research suggests that implementing MFA...
Part 2: Your Guide for Continuous Monitoring and Ongoing Maintenance
In part one, we talked about what a Continuous Monitoring and Ongoing Maintenance Program should entail. Another huge part of the plan is to create a schedule to do the manual tasks required and to put human eyeballs on some of the tasks that may be automated. We’ll talk about that here as well as...
Your Guide to Continuous Monitoring and Ongoing Maintenance for CMMC
As most of us have figured out, compliance isn’t a one-time, set it and forget it kind of thing; it’s an ongoing commitment. With systems and threats always changing, it’s crucial to have a continuous monitoring and ongoing maintenance program in place. This includes continuous monitoring of the system, regular monitoring of controls, maintenance, and...
Meeting CMMC Standards – 10 Major Challenges to Overcome for Success
The purpose of the CMMC program is to verify that contractors have proper safeguards for Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) by moving from self-assessment to third-party or government assessments. This marks a significant change for DoD contractors, aimed at increasing accountability and ensuring the implementation of cybersecurity controls across the defense...