Clarifying SSDF: An Overview of the Secure Software Development Framework
Art Clomera Vice President, Operations In response to President Biden’s Executive Order on “Improving the Nation’s Cybersecurity (14028)“, the National Institute of Standards and Technology (NIST) designed the Secure Software Development Framework (SSDF). The creation of the SSDF was a strategic move to bolster the cybersecurity posture of Federal agencies. NIST also developed the Risk […]
Demystifying POAM: Definition, Template & Example Walkthrough
Art Clomera, CTO, Federal Services – Wouldn’t perfection be great? Everyone, every organization, every system working exactly the way they should with inexhaustible, flawless precision from the word “Go.” Never worrying about something not going exactly as planned. It sounds pretty great but also pretty impossible… (even boring). Perfection in the world of cyber security […]
NIST 800-53: What is it and What are the Control Families?
Art Clomera, Vice President, Operations Ensuring the security of information systems is a complex but necessary task that virtually every modern organization must undertake to some degree or another. One effective method of tackling information system security is to use the Risk Management Framework (RMF) developed by the National Institute of Standard and Technology (NIST). […]
Cybersecurity Automation: How to Strengthen Defense While Reducing Manual Work
Art Clomera Vice President, Operations India, the US, Indonesia, and China alone account for almost half of the total reported cyberattacks in the government sector. Threats, ranging from espionage to malware designed to disrupt critical national infrastructure, are a defining feature of modern geopolitical relations. This barrage demands always-on, predictive, continuously improving advanced cybersecurity measures. […]
NIST Security Controls Explained (with Examples)
Art Clomera Vice President, Operations Federal agencies would be paralyzed without the data centers and software systems that store and process data. But many cyberattacks aren’t politically motivated. Government agencies worldwide are often targeted for the vast quantities of personal information they keep about citizens. The market for this stolen data is more lucrative than […]
Key Insights from the NIST AI Risk Management Framework
Art Clomera Vice President, Operations The AI RMF is an extension of the NIST Risk Management Framework (RMF), tailored for artificial intelligence (AI) systems. It provides organizations with a structured approach to identify, assess and manage risks related to AI technologies throughout their lifecycle. The new battlefield is dominated by software and hardware. To navigate […]
What is DoD Impact Level 5 (IL5)?
Don’t let data breaches compromise your mission. The DoD IL5 standards protect information systems handling data that could devastate national security if breached.
How to Create a Comprehensive Access Control Policy: Template & Example
Art Clomera Vice President, Operations Granting access to a valuable resource is a question of trust (conditional authorization) and necessity (continuous authentication). For example, consider a company office building. Some areas are publicly accessible, while others are restricted to specific personnel. These restricted areas may have confidential information or sensitive equipment and therefore are limited […]
RMF Continuous Monitoring: How to Keep Your Cybersecurity Program Up to Date
Art Clomera Vice President, Operations In today’s fast-paced digital landscape, cybersecurity threats are constantly evolving, making it crucial for Federal agencies to keep their defenses current. Risk Management Framework (RMF) Continuous Monitoring is a process that enables organizations to keep a watchful eye on their cybersecurity program and respond to emerging threats in a timely […]
How to Write a Security Assessment Report (SAR) Using a Template
Art Clomera Vice President, Operations Implementing effective security controls for information systems is a vital and complex undertaking. All Federal agencies require cybersecurity control measures in one form or another – and assessing their effectiveness is a challenge. Due to the complex and quickly evolving nature of cybersecurity threats, it can be difficult to accurately […]
