The Cyberspace Solarium Commission (CSC) was established in 2019 to provide a thoughtful and unified national plan for protecting the information and networks that enable American economic prosperity and national security against countries and criminals who wish to steal or do harm. The direct connection to Congress or the White House is obvious, but the work […]
Currently browsing: Uncategorized
Webinar Lays out the Need and Importance of CMMC Standards
AFCEA hosted a virtual webinar April 23rd, gathering panelists and keynote speakers to address the Cybersecurity Maturity Model Certification (CMMC) model and the timeline for implementation of these standards. Ardalyst was proud to be one of the sponsors of the event, which featured Katie Arrington, the Chief Information Security Officer for the Office of the […]
Balancing cost and security in preparing for CMMC certification
The recently announced Cybersecurity Maturity Model Certification (CMMC) is the standard companies will have to meet in order to do business with the Federal Government – as early as this summer. Depending on your proficiency level and depth of knowledge, this reality may be causing your team stress and anxiety. Don’t let it. With the […]
Red Teaming Strengthens Your Organization’s Threat Detection
The recent rise in remote work has not stopped malicious actors, and if anything cybersecurity is even more critical than it was before as opportunistic attackers target insecure remote connections. The ability to assess and validate your network is increasingly vital. For smaller applications, that means penetration testing, as we’ve written recently. But as organizations […]
In Uncertain Times, Pen Testing Supports Your Company’s Growth
The COVID-19 pandemic has had a widespread impact on policies and practices across both government and industry. Small businesses and large agencies alike have had a few weeks now to experiment with their mass telework and operations plans, and are beginning to understanding how secure their connections are, what their basic cyber hygiene is and what they need to minimize further disruption to their missions. COVID-19 has not stopped malicious actors. In fact, it is typically at […]
Security Considerations for Telework
So your business is teleworking now. Your employees are spending a lot of time in conference calls, virtual meetings and chats using teleconference applications and software. Maybe the team’s even using these applications for the ever-popular virtual office happy hour, which is gaining popularity every day. Now is good time to ask if these platforms […]
DoD Releases CMMC Version 1.0
The Department of Defense has finalized and released version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) framework, making official the requirement for all Defense Industrial Base (DIB) contractors to achieve certain levels of certification to continue bidding on defense contracts. Here are some initial thoughts from our analysts. Institutionalization of Security Processes CMMC v1.0 […]
Summary of Changes to CMMC with Release of v0.7
Draft 0.7 of the Cybersecurity Maturity Model Certification (CMMC) framework was released today by USD(A&S). Our initial takeaways regarding the changes from v0.6 to v0.7 are: There was no change to the number of domains, but additional capabilities were added to the following domains: There were no changes to the practices in Level 1. Three […]
How Adversary Simulation and Emulation Improve your Security Posture
It’s hard to measure risk without knowing the weaknesses in your system, people and processes. Understanding your vulnerabities and potential exposure from the adversary perspective is vital to successful defense of your system and navigating through an attack. To this end Adversary Emulation and Simultation are important tools to both knowing your systems and validating […]
Initial Thoughts on Draft CMMC Model v0.6
After a public review of Draft CMMC v0.4 (Cybersecurity Maturity Model Certification) framework and assessment of the feedback, the USD(A&S) (Office of the Under Secretary of Defense for Acquisition and Sustainment) has released v0.6. It comes with a number of interesting and unexpected changes. Summary of Changes One whole domain (Cybersecurity Governance) was removed and […]