Call +1 (888) 896-7580 for Proactive Cyber Security© Services and Solutions

Latest Content ...

Recently, the FedRAMP program (via the OMB) released a request for feedback on new guidance documentation for penetration testing under the program. The new guidance standards target organizations and 3PAOs undergoing or performing penetration tests under FedRAMP requirements. The new guidance addresses new attack vectors targeting subsystems in IT infrastructure.  Here, we’ll cover his newest… Read More

Continue Reading

CMMC is a complex undertaking. Depending on where you are in your certification journey, you could require consulting, assessment, or both. Fortunately, the CMMC program includes training and authorization for two distinct types of organizations: Registered Provider Organizations (RPOs) and Certified Third-Party Assessment Organizations (C3PAOs), each offering different services.  We’re discussing these organizations and which… Read More

Continue Reading

International collaboration between countries in cybersecurity isn’t unheard of, but it involves several miles of red tape and regulations. That’s why many countries seek parity in their security frameworks. One such parity that Canadian officials are seeking is between their own CP-CSC and the CMMC model for handling CUI.  

Continue Reading

HIPAA is a core cybersecurity framework for patients and healthcare providers in the U.S. Unfortunately, a new report from the OCR shows an increase in significant events and a lack of resources to follow up on critical compliance issues.  We’re covering some of this report and the underlying HIPAA requirements reflected in it.   

Continue Reading

In 2023, the American Institute of CPAs (AICPA) launched a revision of its SOC 2 standard. This revision focused specifically on security issues and emphasized “points of focus” to boost SOC 2 audits’ ability to address modern security threats.  

Continue Reading

While typically not mandatory outside financial sectors, SOC 2 is a reliable security compliance model that any organization can follow. This can be seen in its security assessments, which include a robust list of “Common Criteria,” or broad areas of focus that any secure organization should follow. The recent revision of these criteria in 2023… Read More

Continue Reading

In December 2023, the Department of Defense announced its new Proposed Rules for CMMC. This release comes two years after their initial proposal for CMMC 2.0 as a framework.  Many of CMMC’s expected requirements are coming to pass, and the DoD is looking to finalize and aggressively roll out the program over the next three… Read More

Continue Reading

The ongoing rise of state-sponsored Advanced Persistent Threats (APTs) has increased scrutiny of federal and state IT systems security systems. The latest version of CMMC includes a high-maturity level specifically designed to address these threats, which relies primarily on advanced security controls listed in NIST Special Publication 800-172.   

Continue Reading

The complex relationships between government agencies, third-party vendors, and managed service providers form a challenging web of connections that comprise the DoD digital supply chain. Both NIST 800-171 and CMMC address these at various points, expecting providers to adhere to complex security requirements. These requirements can become so complex that they may turn to Managed… Read More

Continue Reading

As organizations move up the CMMC maturity model, they do so for one reason: to prepare themselves better to protect against Advanced Persistent Threats (APTs). These threats are a significant problem in the defense supply chain, and as such, CMMC leans heavily on NIST 800-171 and 800-172 to address them.  This article introduces how these… Read More

Continue Reading

We’ve regularly written about maintaining security and compliance with third-party vendors. While vendors and managed service providers are a crucial part of digital economies, it’s up to the client businesses to ensure they work with vendors that meet their needs.  Following previous discussions of third-party vendor security under standards like SOC 2 and HIPAA, we’re… Read More

Continue Reading

The existence of quantum computers on the horizon has shaken the cryptography world, and researchers and scientists have received a massive response to build feasible Post-Quantum Cryptography (PCQ). Recently, Apple has taken an enormous step forward by announcing their own PCQ systems, PQ3, in Apple devices.  Learn more about PCQ and Apple’s announcement and the… Read More

Continue Reading
View Updates

Call +1 (888) 896-7580 for Proactive Cyber Security© Services and Solutions!

Get Proactive Today!
Click to access the login or register cheese