In a classic case of following the letter of the law but not the spirit, contractors have long followed the “checkbox approach” to security compliance, running through a long list of controls and technical requirements to stay on top of audits while ignoring the real dangers that face their business. In 2020, the DoD hopes […]
Data privacy has been a hot topic for some time, and this year it’s all coming to fruition. The California Consumer Protection Act (CCPA) went into effect at the beginning of this month, impacting businesses with a web presence throughout the U.S. Similar legislation may soon be passed in other states, and a federal data […]
In the past year, vendors providing technology to government organizations and contractors have fallen under scrutiny. In May, President Trump signed executive order (EO) 13873, which bans organizations in the U.S from using products produced by companies considered a “national security threat”. This followed concerns that Chinese telecom-giant Huawei could be using its products to […]
October is the scariest month of the year, but not because of Halloween. While the rest of the nation prepares for trick-or-treaters, during October the government observes National Cybersecurity Awareness Month (NCAM) to remind agencies of the scariest danger facing Americans today: cyber-threats. According to Federal CIO Grant Schneider, the U.S government has “come a […]
Staying NISPOM compliant has always been difficult – but when SEAD 3 went into effect in 2017, the standard for security became more than just compliance. Now, organizations must play an active role in monitoring themselves, their employees, colleagues and associates. With Portal Commander™, we can help. Modern Threats Despite popular belief, the modern FSO […]
In accordance with Executive Order 12829, the Defense Security Service (DSS) administers and implements the defense portion of the National Industrial Security Program (NISP). To this end, it publishes the DSS Assessment and Authorization Process Manual (DAAPM) providing a comprehensive Risk Management Framework (RMF) for government agencies and their partners. In June of last year, […]
By October 1st of 2019, the Office of Personnel Management (OPM) will be dissolved with its various functions transferring to other U.S agencies, thanks to an executive order signed by the President in April. While some have found the move perplexing (“out of the blue” as one columnist put it), OPM employees and management have […]
In many ways, the worst thing that can happen for cybersecurity in the public sector is an interruption of operations. During the 35 day shutdown of the U.S government which occurred between December 22, 2018 and January 25th of this year, massive furloughs left IT systems unmanaged throughout federal agencies. From FBI, to DoD and […]
The National Industrial Security Program Operating Manual (NISPOM) defines security standards that must be followed by U.S organizations (government and corporate) with access to classified information. Among other things, the NISPOM provides guidelines to: • Ensure proper clearance for access to classified information• Provide adequate security training/briefings to personnel• Regulate outgoing and incoming visits to […]
In July of 1982, a British man by the name of Michael Fagan climbed a drainpipe in London, broke into Buckingham Palace and triggered several alarms on the premises. Readers might imagine that he was quickly spotted and apprehended by the Queen’s Guard; that Scotland Yard was called onto the scene before quickly apprehending and […]
