NDISAC Blog

APPLICATION SECURITY: CODE SIGNING

The protection of software requires a strong security posture in the Software Development Lifecycle (SDLC). Implementing standard security controls (SAST, SCA, DAST, etc.) is an instrumental step to produce secure software but is not enough. While these security controls are key security components, even with well-secured software, attackers can embed malicious code in software without…...

DIB MSP SHOPPING GUIDE FOR SMALL AND MEDIUM-SIZED BUSINESSES

It can be daunting for a small or medium-sized business (SMB) to know the right questions to ask a potential managed services provider (MSP) as the business navigates its internal requirements and considers future Cybersecurity Maturity Model Certification. To assist, the ND-ISAC Small and Medium Business Working Group created a guide to address the challenges presented…...

ND-ISAC Releases C3PAO Shopping Guide for Small & Medium-Sized Businesses

The National Defense Information Sharing & Analysis Center (ND-ISAC) is pleased to announce the release of a “C3PAO Shopping Guide for Small & Medium-Sized Businesses.”  The guide was created through a team effort among participants in ND-ISAC’s Small & Medium-Sized Business Working Group in consultation with other SMBs across the Defense Industrial Base (DIB), along…...

ND-ISAC WORKING GROUP TACKLES MULTI-TENANT AND EXTERNAL COLLABORATION CHALLENGES

Empowering the DIB Sector: ND-ISAC's Cloud Security & Architecture and Microsoft Cloud Services Working Groups Publish Multi-Tenant and External Collaboration Challenges Whitepaper. ND-ISAC has more than 25 technical Working Groups where member company subject matter experts collaborate on defending against cyber threats and developing best practices and solutions to common challenges. Among other areas, ND-ISAC Working…...

How To Protect Cloud Native Applications White Paper

Cloud-native applications encompass a new approach to how software is built, deployed, and managed in cloud computing environments. With the increased adoption of cloud technologies, many organizations have begun moving applications to the cloud and creating cloud-native applications. While Software Development Lifecycle (SDLC) security controls can help with securing cloud applications, these controls neglect the…...

APPLICATION THREAT MODELING WHITE PAPER

Written by ND-ISAC Application Security Working Group. In “Application Threat Modeling”, members of the National Defense Information Sharing and Analysis Center (ND-ISAC) offer a structured and systematic methodology to enable organizations to analyze the architecture, understand the flow of information, detect threats, and identify risk mitigation strategies using a proactive approach. This process is executed…...

Air Force Blue Cyber Education Series For Small Business

The Air Force and Space Force Chief Information Security Officer (DAF CISO), Blue Cyber Education Series hosts resources for Small Businesses and Academic/Research Institutions.  Resources include a "Small Business Cybersecurity Ask-Me-Anything" webinar every Tuesday with Air Force SBIR/STTR Program Office Chief Technology Officer, Kelly Kiernan, as well as educational videos, presentations, and cybersecurity memos. Registration…...

Software Security Controls: Application Programming Interface (API) Services

Application Programming Interface (API) Services are ubiquitous and becoming more popular every year. Like any technology, the security of APIs is increasingly important as their use spreads. The new whitepaper “Software Security Automation: API Services Security”, written by members of the National Defense Information Sharing and Analysis Center (ND-ISAC), dives into this topic and provides…...

Software Security Controls: Metrics Automation

In the white paper “Software Security Controls – Metrics Automation”, members of the National Defense Information Sharing and Analysis Center (ND-ISAC) complement the earlier series on Software Security Automation. This paper provides a roadmap to use the scan results provided by the security controls implemented in the Software Development Lifecycle (SDLC). This roadmap will help…...

APPSEC: REMEDIATION WORKFLOW AUTOMATION

In their third whitepaper, “Remediation Workflow Automation”, members of the National Defense Information Sharing and Analysis Center (ND-ISAC) present a multi-stage process intended to enforce comprehensive remediation for findings identified in a highly automated Software Development Lifecycle (SDLC). While a remediation workflow is not specific to application security or software…...

ND-ISAC Kicks-Off 2021 Working Groups

Did you know ND-ISAC hosts over 23 working groups focused on cyber operations, threat intelligence, compliance/risk management, and engineering?  During the past three years the ND-ISAC working group program has evolved from meetings of peers, to collaborative work environments where teams of subject matter experts combine to share security best practices, support cyber/technology program maturity,…...

ND-ISAC Application Security 3-Part Training Series: “Application Threat Modeling Training Series”

The National Defense Information Sharing and Analysis Center (ND-ISAC) is honored to announce that we will be offering an application threat modeling training series for our members.  The ND-ISAC Application Security working group identified a subject matter expert to lead a training and discussion to further develop the content knowledge on application threat modeling.  This…...

ND-ISAC Hosts SolarWinds Compromise Information Session with FireEye

On December 14 (Mon), FireEye briefed its latest findings on the SolarWinds compromise and discovery of the SUNBURST malware to an ND-ISAC members-only webinar. The company provided the latest information, including guidance on how to detect this attack, and answered questions with member companies of the National Defense Information Sharing and Analysis Center™ (National Defense…...

COVID-19 MEMORANDUM TO THE DEFENSE INDUSTRIAL BASE

On March 20, 2020, the Pentagon published a MEMORANDUM TO THE DEFENSE INDUSTRIAL BASE, subject: “Defense Industrial Base Essential Critical Infrastructure Workforce”. At approximately 10 a.m. on March 23, 2020, the Pentagon released the following supplemental guidance for widest dissemination. The following information and reporting format prescribe how DIB companies can contact DoD if they experience…...

DIB SCC Launches Cyber Assist Website

The DIB SCC announced the launch by the SCC Supply Chain Cybersecurity Task Force of the Cyber Assist website via the National Defense Information Sharing and Analysis Center (ND-ISAC).  Link to Cyber Assist: https://ndisac.org/dibscc/cyberassist/...

Software Security Automation: A Roadmap Towards Efficiency and Security

White paper written by ND-ISAC Application Security Working Group. In “Software Security Automation: Roadmap Toward Efficiency and Security”, members of the National Defense Information Sharing and Analysis Center (ND-ISAC) lay out a strategy for transforming application security from a manual, disconnected, bolted-on process to an automated,…...

Mobile Security Best Practices

Mobile devices are everywhere, and their pervasive use presents a unique challenge in corporate environments. Recognizing the need to come together to discuss security, best practices, and solutions to mobile, our ND-ISAC members came together earlier this year to form a Mobile Security Working Group. The working group set out to develop a list of practical mitigations to assist other ND-ISAC members to implement mobile security and provide lessons learned...

NDISAC Keynote at GW Veterans Day Ceremony

The National Defense ISAC Interim Executive Director, Major Carlos Kizzee, was honored to speak at the George Washington University 10th annual wreath-laying ceremony on November 9, 2018 to commemorate Veterans Day. Mr. Kizzee discussed the purpose o...

Keeping Infrastructure Strong and Secure

November is Critical Infrastructure Security and Resilience Month, a nationwide effort to raise awareness and reaffirm the commitment to keep our Nation’s critical infrastructure secure and resilient. National Defense ISAC has committed to particip...

NDISAC Best Practices: Password Security

As National Cybersecurity Awareness Month (NCSAM) winds down, I’ve been thinking of what a typical user can do to help their company secure their data. Cybersecurity is a team sport, even if your company doesn’t have a dedicated security team the...

NDISAC DIB Security Engineering Summit Recap

Thank you to everyone who attended our first-ever National Defense Information Sharing and Analysis Center (NDISAC) Defense Industrial Base (DIB) Security Engineering Summit in December 2017. The summit brought together security operators, engineers...

National Defense ISAC Voted into the National Council of ISACs

The National Defense Information Sharing and Analysis Center (NDISAC) is now an official member of the National Council of ISACs (NCI) after a unanimous member vote at the NCI meeting on December 12, 2017. With the NDISAC, the NCI is now comprised of...

NDISAC Announces New Board Member

The National Defense ISAC is pleased to announce the addition of Christina Fowler, MITRE Principal Cyber Analyst, to the NDISAC Board of Directors. Christina previously served as the DSIE Steering Committee chair. Christina has been an active member...

Veterans Day: Honoring All Who Have Served

On November 11, our Nation will pay tribute to our military veterans. Across the U.S., citizens will raise the American Flag to honor our troops. As a company focused on National Defense, veterans are a big part of who we are. Both NDISAC and our m...

Welcome to Critical Infrastructure Security and Resilience Month

Welcome to Critical Infrastructure Security and Resilience Month 2017! November is Critical Infrastructure Security and Resilience Month, a nationwide effort to raise awareness and reaffirm the commitment to keep our Nation’s critical infrastructur...

Happy National Cyber Security Awareness Month

Happy National Cyber Security Awareness Month (NCSAM) 2017! NDISAC is very excited to celebrate this year as an official NCSAM Champion. NCSAM is celebrated every October by raising awareness and ensuring safe practices online. The month is dedicate...

DSIE® Announces Creation of and Merger with NDISAC™

The Defense Industrial Base Information Sharing and Analysis Organization (DIB-ISAO) has officially voted to approve the founding of and merging with the National Defense Information Sharing and Analysis Center™ (National Defense ISAC™ ) on Septe...