15 matches found
CISA Releases New Public Version of CDM Data Model Document
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released an updated public version of the Continuous Diagnostics and Mitigation (CDM) Data Model Document. Version 5.0.1 aligns with fiscal year 2023 Federal Information Security Modernization Act (FISMA) metrics. The CDM Data Model...
Meeting FISMA (M-24-04) Requirements with a Unified Attack Surface Management Strategy
At the end of 2023, the Office of Management and Budget (OMB) released the FY24 FISMA Guidance (M-24-04) with a broad focus on securing the entire attack surface and specific action items for agencies pertaining to High Value Assets, IoT/OT devices, and internet-connected assets. In reference to rece...
U.S. Senate Passes Cybersecurity Bill to Strengthen Critical Infrastructure Security
The U.S. Senate unanimously passed the "Strengthening American Cybersecurity Act" on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country. The new bipartisan legislation, among other things, stipulates entities that experience a cyber incident to...
This Week in Security News - January 14, 2022
This week, read about how crucial it is for security teams to adopt an integrated approach to threat detection, such as remote control, and Congress’s plan to update the Federal Information Security Management Act (FISMA) for the first time in eight years...
Compliance When Migrating to the Cloud: SQL Server Running on Azure vs. On-Premise
In the age of the data era, where data storage is increasing at an exponential rate and access to information is getting easier and faster, data security is a major concern. There are many cases where we can’t prevent people from accessing data, but we can track and investigate suspicious...
NIST and HIPAA: Is There a Password Connection?
When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by...
FISMA Annual Report to Congress
The Office of Management and Budget (OMB) has published its Fiscal Year (FY) 2018 Annual Report to Congress on the implementation of the Federal Information Security Modernization Act of 2014 (FISMA). The document includes data reported by agencies to OMB and the Cybersecurity and Infrastructure Securi...
Deploying and Troubleshooting Compliance Baselines
If you are in the IT space, you've most likely encountered or are bound by some form of regulation/framework such as PCI, HIPAA, FISMA, and/or CGIS. Most of these compliance programs require a hardened baseline to be implemented within your information systems to reduce the risk and impact of an...
MindPoint Group and Trend Micro Help Secure NASA’s Successful Journey to the AWS Cloud
For decades NASA has launched countless successful explorations into space, but just recently took on the mission of launching their data into the cloud, similarly to many other organizations today. With the help of MindPoint Group using Trend Micro Deep Security, powered by XGen™, this was yet...
Government Report Critical of FAA Security Controls
The Federal Aviation Administration has been put on notice that its information security controls are not up to par and that a risk-based program must be implemented from the ground up in order to assure the safety of its networks and passengers in the sky. A scathing Government Accounting Office...
U.S. vulnerability management library released Bash vulnerability latest summary-vulnerability warning-the black bar safety net
Introduction NVD (National Vulnerability Database) is the U.S. government based on vulnerability management data of the standard Knowledge Base, these data support the automation of vulnerability management and security testing, and follow Federal Information Security Management Act (FISMA) is...
FISMA vs FedRAMP: Compliance requirement differences
Organizations that work with, or want to work with, government agencies must manage to government compliance regulations. Almost everyone is familiar with the FISMA compliance standards, but with the announcement of FedRAMP, which provides a structure to manage compliance requirements for "a clou...
House GOP Task Force Favors Private Incentives, Fewer Regulations for Cybersecurity
A House GOP task force called on Congress this week to adopt voluntary incentives – rather than federal requirements – to get private companies to further develop their cyber security. The GOP proposes a combination of tax credits, grants, insurance and rules set by non-regulatory agencies as a w...
New ICE bill would overhaul federal cybersecurity
A bill set to be introduced in the Senate on Tuesday would make wholesale changes to the way that the federal government handles information security, including the establishment of a Nation Officer for Cyberspace, which would sit right below the president. According to a story on...
[VulnWatch] Blank Administrator password in DELL XP Professional install
Vulnerability in DELL Windows XP Professional - default hidden Administrator account allows local Administrator access Systems: DELL™ Laptops with Windows™ Professional Vulnerable: DELL Laptops with pre-installed Microsoft Windows XP Professional SP2 Not Vulnerable: DELL Laptops with Retail...