The protection of software requires a strong security posture in the Software Development Lifecycle (SDLC). Implementing standard security controls (SAST, SCA, DAST, etc.) is an instrumental step to produce secure software but is not enough. While these security controls are key security components, even with well-secured software, attackers can embed malicious code in software without…...

It can be daunting for a small or medium (SMB) to know the right questions to ask a potential managed services provider (MSP) as the business navigates its internal requirements and considers future Cybersecurity Maturity Model Certification.  To assist, the ND-ISAC Small and Medium Business Working Group created a guide to address the challenges presented…...

The National Defense Information Sharing & Analysis Center (ND-ISAC) is pleased to announce the release of a “C3PAO Shopping Guide for Small & Medium-Sized Businesses.”  The guide was created through a team effort among participants in ND-ISAC’s Small & Medium-Sized Business Working Group in consultation with other SMBs across the Defense Industrial Base (DIB), along…...

Empowering the DIB Sector: ND-ISAC's Cloud Security & Architecture and Microsoft Cloud Services Working Groups Publish Multi-Tenant and External Collaboration Challenges Whitepaper ND-ISAC has more than 25 technical Working Groups where member company subject matter experts collaborate on defending against cyber threats, and developing best practices and solutions to common challenges.  Among other areas, ND-ISAC Working…...

Cloud-native applications encompass a new approach on how software is built, deployed, and managed in cloud computing environments. With the increased adoption of cloud technologies, many organizations have begun moving applications to the cloud and creating cloud-native applications. While Software Development Lifecycle (SDLC) security controls can help with securing cloud applications, these controls neglect the…...