Garret Grajek, CEH, CISSP, CGEIT’s Post

YouAttest for Identity Security and Compliance:   NIST Guidelines and frameworks are crucial to government contractors.   https://lnkd.in/erkpffEh Important to these NIST recommendations is attestation of identities controlling sensitive data (PHI, PII and CUI) - https://lnkd.in/g9zSZ_gd Know your identities, and privileges, w/ (now AI-powered)   YouAttest.com, contact us:    https://lnkd.in/g96pUae Wes Jones Jeff Chao Rick Mischka  #ITSecurity #governance #cybersecurity  #compliance #mspsecurity

Great read on the DoD’s final CMMC rule! This is a big step forward in solidifying cybersecurity standards for contractors. As someone involved in IT and cybersecurity compliance, I’m curious to hear how others in the industry are preparing to align with these updated requirements. What are your thoughts on the impact this will have, especially for smaller contractors? #CMMC #Cybersecurity #Compliance #DoDCompliance #CyberStandards #DataProtection #ContractorSecurity #CyberDefense #Infosec #GovCon #RiskManagement #SecurityCompliance #CyberThreats #SupplyChainSecurity #FederalContracting

The CMMC 2.0 clock has started. This updated version is streamlined and emphasizes best practices for handling Controlled Unclassified Information (CUI). Preparation is key, especially for those at level 3 who will require external audits to qualify. #CMMC #Cybersecurity #Compliance

Part of the Biden Administration’s push to enhance U.S. cybersecurity capabilities has focused on imposing new requirements on government contractors. The 2023 National Cybersecurity Strategy suggested, for example, that “[c]ontracting requirements for vendors that sell to the federal government have been an effective tool for improving cybersecurity.” Efforts to add new mandates for government contractors continued at pace over the past year, including on secure software development and cyber incident reporting. https://lnkd.in/ecSck6Fd #Cybersecurity #GovCon

What’s NIST 800-53? 🤔💡 Emmanuel Oni explains! Want to simplify compliance? Check out how Security Compass’s SD Elements can help! 🚀💻 https://lnkd.in/gQUrikQj #Cybersecurity #NIST #Compliance #DevSecOps

The Annual White House Information Security report highlights an increase in federal attacks. The 9.9% YoY rise in US federal cybersecurity incidents indicates improper usage and phishing attacks as top causes. Large organizations, small businesses, and local governments can all benefit by implementing stricter access controls, enhancing phishing detection, and ensuring rigorous user awareness training. The report emphasizes the importance of proactive security audits and rapid response plans to mitigate risks and protect sensitive data. #ITsecurityaudits https://lnkd.in/gPSbzbuE

The NIS 2.0 directive itself includes clear guidance on how to improve your cybersecurity stance, and you won’t be surprised to learn that the first recommended cyber hygiene practice listed is the adoption of zero trust principles. In fact, as you review these lengthy regulatory and legal requirements, zero trust comes up routinely as the holy grail to aim for. We are here to support your zero trust journey. “Users should log into applications, rather than networks” #nis2 #zerotrust #cybersecurity #security #zscaler

Elevate your password game with NIST's latest guidelines! Say goodbye to complex, forgettable passwords and hello to stronger, smarter security measures. From choosing length over complexity to the smart use of multifactor authentication (MFA), learn how to fortify your accounts against cyber threats. Don't wait for a breach to rethink your password strategy. Check out our blog for expert insights on adopting NIST recommendations and keeping your digital life secure. #PasswordSecurity #NISTGuidelines #CyberSafety #SecurePasswords #DigitalDefense #TechSafety #OnlinePrivacy #CybersecurityTips #ProtectYourData #StrongPasswords #InfoSec #SafeSurfing #CyberAware

NIST has recently published their updated cybersecurity framework (CSF) 2.0 and security professionals are quickly getting up to speed on the newly added Govern (GV) function. Effectively managing third-party risk is a critical aspect of the new framework. For example, consider GV.SC-06 "Planning and due diligence are performed to reduce risks before entering into a formal supplier relationship." Some crucial due diligence questions you should be asking your third-parties are "How are you securing our data that we share with you?" and "How can you prove no one had unauthorized access to it?" Keyavi's self-protecting data platform greatly reduces potential risks when sharing data with external third-parties. Your organization's security policies (such as who, where, and when data can be accessed) travel within your files wherever they are sent. This shifts the current paradigm away from "trust, but verify" to having certainty that your data cannot be inappropriately accessed by unauthorized individuals regardless of who has it in their local possession. If you're interested in learning more about how Keyavi maps to the new NIST2.0 framework, contact us at [email protected]. #ciso #nist #nistcybersecurityframework #keyavi #dataprotection #supplychain #thirdpartyriskmanagement

The National Institute of Standards and Technology (NIST) has proposed new password guidelines that eliminate outdated, ineffective rules like mandatory resets and complex character requirements. The updated recommendations aim to improve security by focusing on password length and allowing for greater flexibility in composition. NIST also discourages the use of security questions and periodic password changes unless there’s evidence of a breach. #Cybersecurity #NIST #PasswordHygiene #TechStandards #DigitalIdentity #ITSecurity