The protection of software requires a strong security posture in the Software Development Lifecycle (SDLC). Implementing standard security controls (SAST, SCA, DAST, etc.) is an instrumental step to produce secure software but is not enough. While these security controls are key security components, even with well-secured software, attackers can embed malicious code in software without…...

It can be daunting for a small or medium (SMB) to know the right questions to ask a potential managed services provider (MSP) as the business navigates its internal requirements and considers future Cybersecurity Maturity Model Certification.  To assist, the ND-ISAC Small and Medium Business Working Group created a guide to address the challenges presented…...

The National Defense Information Sharing & Analysis Center (ND-ISAC) is pleased to announce the release of a “C3PAO Shopping Guide for Small & Medium-Sized Businesses.”  The guide was created through a team effort among participants in ND-ISAC’s Small & Medium-Sized Business Working Group in consultation with other SMBs across the Defense Industrial Base (DIB), along…...

Empowering the DIB Sector: ND-ISAC's Cloud Security & Architecture and Microsoft Cloud Services Working Groups Publish Multi-Tenant and External Collaboration Challenges Whitepaper ND-ISAC has more than 25 technical Working Groups where member company subject matter experts collaborate on defending against cyber threats, and developing best practices and solutions to common challenges.  Among other areas, ND-ISAC Working…...

Cloud-native applications encompass a new approach on how software is built, deployed, and managed in cloud computing environments. With the increased adoption of cloud technologies, many organizations have begun moving applications to the cloud and creating cloud-native applications. While Software Development Lifecycle (SDLC) security controls can help with securing cloud applications, these controls neglect the…...

Written by ND-ISAC Application Security Working Group in “Application Threat Modeling“, members of the National Defense Information Sharing and Analysis Center (ND-ISAC) offer a structured and systematic methodology to enable organizations to analyze the architecture, understand the flow of information, detect threats, and identify risk mitigation strategies using a proactive approach. This process is executed…...

The Air Force and Space Force Chief Information Security Officer (DAF CISO), Blue Cyber Education Series hosts resources for Small Businesses and Academic/Research Institutions.  Resources include a "Small Business Cybersecurity Ask-Me-Anything" webinar every Tuesday with Air Force SBIR/STTR Program Office Chief Technology Officer, Kelly Kiernan, as well as educational videos, presentations, and cybersecurity memos. Registration…...

In the white paper “Software Security Controls – Metrics Automation”, members of the National Defense Information Sharing and Analysis Center (ND-ISAC) complements the earlier series on Software Security Automation. This paper provides a roadmap to use the scan results provided by the security controls implemented in the Software Development Lifecycle (SDLC). This roadmap will help…...

On December 14 (Mon) FireEye briefed its latest findings on the SolarWinds compromise and discovery of the SUNBURST malware to a ND-ISAC members-only webinar. The company provided the latest information, including guidance on how to detect this attack, and answered questions with member companies of the National Defense Information Sharing and Analysis Center™ (National Defense…...

...

...

On March 20, 2020, the Pentagon published a MEMORANDUM TO THE DEFENSE INDUSTRIAL BASE: subject: “Defense Industrial Base Essential Critical Infrastructure Workforce”. At approximately 10 a.m. on March 23, 2020; the Pentagon released the following supplemental guidance for widest dissemination.  The following information and reporting format prescribe how DIB companies can contact DoD if they experience…...

Mobile devices are everywhere, and their pervasive use presents a unique challenge in corporate environments. Recognizing the need to come together to discuss security, best practices, and solutions to mobile our ND-ISAC members came together earlier this year to form a Mobile Security Working Group. The working group set out to develop a list of practical mitigations to assist other ND-ISAC members to implement mobile security and provide lessons learned...

The National Defense ISAC Interim Executive Director, Major Carlos Kizzee, was honored to speak at the George Washington University 10th annual wreath-laying ceremony on November 9, 2018 to commemorate Veterans Day. Mr. Kizzee discussed the purpose o...

November is Critical Infrastructure Security and Resilience Month, a nationwide effort to raise awareness and reaffirm the commitment to keep our Nation’s critical infrastructure secure and resilient. National Defense ISAC has committed to particip...

As National Cybersecurity Awareness Month (NCSAM) winds down, I’ve been thinking of what a typical user can do to help their company secure their data. Cybersecurity is a team sport, even if your company doesn’t have a dedicated security team the...

Thank you to everyone who attended our first-ever National Defense Information Sharing and Analysis Center (NDISAC) Defense Industrial Base (DIB) Security Engineering Summit in December 2017. The summit brought together security operators, engineers...

The National Defense Information Sharing and Analysis Center (NDISAC) is now an official member of the National Council of ISACs (NCI) after a unanimous member vote at the NCI meeting on December 12, 2017. With the NDISAC, the NCI is now comprised of...

The National Defense ISAC is pleased to announce the addition of Christina Fowler, MITRE Principal Cyber Analyst, to the NDISAC Board of Directors. Christina previously served as the DSIE Steering Committee chair. Christina has been an active member...

On November 11, our Nation will pay tribute to our military veterans. Across the U.S., citizens will raise the American Flag to honor our troops. As a company focused on National Defense, veterans are a big part of who we are. Both NDISAC and our m...

Welcome to Critical Infrastructure Security and Resilience Month 2017! November is Critical Infrastructure Security and Resilience Month, a nationwide effort to raise awareness and reaffirm the commitment to keep our Nation’s critical infrastructur...

Happy National Cyber Security Awareness Month (NCSAM) 2017! NDISAC is very excited to celebrate this year as an official NCSAM Champion. NCSAM is celebrated every October by raising awareness and ensuring safe practices online. The month is dedicate...

The Defense Industrial Base Information Sharing and Analysis Organization (DIB-ISAO) has officially voted to approve the founding of and merging with the National Defense Information Sharing and Analysis Center™ (National Defense ISAC™ ) on Septe...