The Department of Defense (DoD) issued a Notice and Request for Comment on draft guidance that DoD proposes for assessing contractors’ System Security Plans (SSPs) and their implementation of the security controls in NIST Special Publication 800-171. DFARS 252.204-7012 requires defense contractors to provide security for networks where covered defense information is processed, stored, or...Read More
An audit was recently created to determine whether existing Missile Defense Agency (MDA) contractors implemented proper security controls and processes to protect classified and unclassified ballistic missile defense system (BMDS) technical information from internal and external threats. The audit includes MDA responses and recommendations for each comment. This is the first of two audits to...Read More
Welcome to part three of our 3-part series about security and compliance. For those of you who missed part one or two, feel free to follow these links to get up to speed on this series: Part 1: Related but Not the Same, and Part 2: Compliance Means We’re Secure, Right? In the previous two...Read More
Welcome to part 2 in our 3 part series about security and compliance. For those of you who missed part one, feel free to give it a quick read here. When the need for compliance hits your organization, many things can be involved, such as hiring outside consultant help, purchasing new hardware and software, even...Read More
Security Vitals will be collaborating with Merit Network, Inc.’s cyber range to conduct product reviews for SC Magazine Pontiac, MI – Security Vitals has been awarded a new contract with Haymarket Media, publisher of SC Magazine. After an extensive search and review process, Haymarket Media selected Security Vitals as the firm to conduct SC Magazine...Read More
Welcome to part 1 of our 3 part series which dives into complicated relationship between security and compliance. There are many misconceptions about information security’s relation to compliance. Compliance does not equal a sophisticated information security system, nor does having a sophisticated security posture mean you are 100% compliant with a regulation or industry standard...Read More
Last month, a Wi-Fi vulnerability called the KRACK Attack was brought to the surface that potentially affects billions of devices. Now this month, Intel announced a security alert for their processor platforms that could possibly affect millions of devices. How bad is it? Intel’s Management firmware on many recent PC, server, and Internet-of-Things are vulnerable...Read More
Last month in October, security researchers announced perhaps one of the biggest vulnerabilities discovered in the past decade. Say hello to the KRACK vulnerability, which is the clever acronym for what’s known as the Key Reinstallation Attack. KRACK likely affects billions of home and enterprise Wi-Fi devices around the world and is all because of...Read More
A letter regarding the NIST 800-171 compliance deadline from the Director, Defense Pricing/Defense Procurement and Acquisition Policy, in collaboration with the DoD Chief Information Officer and the Deputy Assistant Secretary of Defense, Systems Engineering, has developed the enclosed guidance for acquisition personnel in anticipation of this December 31, 2017 implementation deadline. Read More
