What is FIPS 140-2? Federal Information Processing Standards Publication 140-2 is a standard for the cryptographic modules used in software and hardware to protect sensitive data. The key difference between FIPS-validated modules and others is the rigorous testing and verification process they undergo. This process can take years, ensuring these modules meet strict security protocols....
On July 19, 2024, what should have been a routine update meant to improve CrowdStrike’s Falcon Sensor software ended up causing chaos. Instead of enhancing the endpoint detection and response system, the update resulted in Windows computers crashing spectacularly, displaying the dreaded “Blue Screen of Death.” This caused disruptions across the globe and across industries...
Disclaimer: This story is entirely fictional. Any resemblance to actual persons, living or dead, or actual events, or actual companies is purely coincidental and unintended. The characters, companies, and events portrayed are purely a work of fiction. Jil Wright, a Certified CMMC Assessor, has provided this narrative to offer organizations seeking certification an example of what...
Disclaimer: This story is entirely fictional. Any resemblance to actual persons, living or dead, or actual events, or actual companies is purely coincidental and unintended. The characters, companies, and events portrayed are purely a work of fiction. Jil Wright, a Certified CMMC Assessor, has provided this narrative to offer organizations seeking certification an example of what...
The Configuration Management (CM) domain in NIST SP 800-171 requires organizations to create and maintain baseline configurations and inventories for all their systems that includes hardware, software, firmware, and documentation. Think of baseline configurations like a snapshot, capturing the ideal system setup. Documenting a system’s desired state and practicing effective configuration and change management are crucial...
Multi-Factor Authentication (MFA) significantly strengthens security for businesses and individuals by adding extra layers of verification before granting access to accounts or devices. Instead of relying on just one factor like a password, MFA requires two or more factors. This makes it much harder for attackers to gain unauthorized access. Research suggests that implementing MFA...
In part one, we talked about what a Continuous Monitoring and Ongoing Maintenance Program should entail. Another huge part of the plan is to create a schedule to do the manual tasks required and to put human eyeballs on some of the tasks that may be automated. We’ll talk about that here as well as...
As most of us have figured out, compliance isn’t a one-time, set it and forget it kind of thing; it’s an ongoing commitment. With systems and threats always changing, it’s crucial to have a continuous monitoring and ongoing maintenance program in place. This includes continuous monitoring of the system, regular monitoring of controls, maintenance, and...
The purpose of the CMMC program is to verify that contractors have proper safeguards for Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) by moving from self-assessment to third-party or government assessments. This marks a significant change for DoD contractors, aimed at increasing accountability and ensuring the implementation of cybersecurity controls across the defense...
