What are the contractual regulations I need to know?
- There are many standards and regulations impacting contracts today. The “Awareness” section provides links to resources for the US Government, International regulations, and industry standards.
How do I find the latest and greatest cybersecurity news?
- The “Cyber Announcements” section highlights recent alerts, threats, vulnerabilities, and malicious activity notices. The “In The News” provides insight into current trends, happenings, and events surrounding new initiatives from the Department of Defense. “Announcements” has the most up to date summary of frequent, high-impact types of security incidents being reported to the US-CERT.
I need information on current vulnerabilities impacting industry, is there a link to those?
- Yes there is, the “Latest vulnerabilities, exploits, and remediation” section links to resources on the latest vulnerabilities, exploits, and remediations for those exploits as identified by the NIST Information Technology Laboratory’s National Vulnerability Database and Common Vulnerabilities Exposure repositories. It also includes information on current cyber alerts, and National Vulnerability Database updates
Where do I find resources on what cybersecurity implementations are critical?
- The “Implementation & Assessment” section has guidance on a curated list of controls used to enhance an organization’s cybersecurity posture, aptly named the Top 10 High Value Controls. These controls provide greater structure around certain existing requirements, like those found in DFARS 252.204-7012, as well as controls related to Advanced Persistent Threats (APTs). By incorporating the Top 10 High Value Controls, an organization is augmenting their cyber defenses to improve network resiliency and monitoring, while making it more resistant to cyber attacks and limiting the damage when cyber attacks occur.
How do I know what these controls apply to?
- An organization must first define their system boundary and prioritize critical and high value services and assets, as well as the data that supports all of it. By defining the system boundary, an organization is collecting all relevant design documentation and data flows, to ensure a full understanding of how data transits into, through, and out of the system of record. It’s important to ensure system boundaries, identification of high value assets and data are well defined, documented and agreed upon by all parties. A well-defined system boundary enables an organization to fully understand how data ingress and egress, ensures data protection and privacy as well as compliance and sovereignty.
Are there resources listed for specific and dedicated areas of my boundary?
- Yes! Under “Implementation & Assessment”, there are dedicated sections by topic, that provide drill downs into specific areas of a network boundary. Each topic has resources on implementation and assessment of these areas
Feel free to contact us using the Contact Link at the top of the page if you have other questions or comments.