How to Create a Comprehensive Access Control Policy (with Template)

Art Clomera Vice President, Operations Granting access to a valuable resource is a question of trust (conditional authorization) and necessity (continuous authentication). For example, consider a company office building. Some areas are publicly accessible, while others are restricted to specific personnel. These restricted areas may have confidential information or sensitive equipment and therefore are limited […]

How to Create a NIST Risk Assessment Report (with Template)

Art Clomera Vice President, Operations It doesn’t do a lot of good to think about cybersecurity risks in generalities. It’s even worse to not think about them at all. Imagine contracting a security firm whose slogan was “We’ll wing it!” Such vagueness invariably leads to a reactive – and, by definition, porous – risk posture […]

Security Assessment Report (SAR) Template with Examples

Art Clomera Vice President, Operations Implementing effective security controls for information systems is a vital and complex undertaking. All Federal agencies require cybersecurity control measures in one form or another – and assessing their effectiveness is a challenge. Due to the complex and quickly evolving nature of cybersecurity threats, it can be difficult to accurately […]

How to Build Your System Security Plan (SSP) with Examples

Art Clomera, Vice President Operations Information system development, use, and eventual decommissioning requires a lot of paperwork – reports, signatures, manuals, approvals, and more. Amongst this mountain of documentation, the System Security Plan (SSP) may well be the granddaddy of them all. It is the encyclopedia and guidebook of all security aspects related to the […]

Cybersecurity Compliance Risk Assessments: How to Conduct in 4 Steps

Shawn Elliott, Vice President, Federal Solutions In an organizational context, “being in compliance” refers to an organization conforming to the applicable standards and rules set by governing entities. These standards and rules can be both external (e.g. laws, industry standards, regulations) or internal (e.g. company policies). Failure to adhere to applicable standards can lead to […]

What is a POAM? (+Free NIST POAM Template)

Art Clomera, CTO, Federal Services – Wouldn’t perfection be great?   Everyone, every organization, every system working exactly the way they should with inexhaustible, flawless precision from the word “Go.” Never worrying about something not going exactly as planned. It sounds pretty great but also pretty impossible… (even boring). Perfection in the world of cyber security […]

The 7 Risk Management Framework (RMF) Steps

Art Clomera, Vice President, Operations We’ve all heard the adage: “Nothing ventured, nothing gained.” In essence, you have to risk something if you want to get things done. So much of our lives involves assessing risk and intelligently managing those risks to meet our needs and achieve our goals. It’s why a motorcyclist wears a […]

Common Cybersecurity Threats and How to Protect Your Government Agency

Shawn Elliott, President, Federal Solutions Cyber threats have become mainstays in the modern news feed. Nearly every day we learn about the latest ingenious digital tool that maliciously exploits its victims to steal their information or money and disrupt legitimate activities. The frequency and severity of these threats are increasing. Cybersecurity sensors recorded approximately 5.3 […]

What is Cybersecurity? (And Why It’s Important)

Art Clomera, Vice President, Operations It’s a simple question with a somewhat complicated answer – at a time when understanding its meaning couldn’t be more important. In a recent industry report, a series of digital trackers stationed across the globe logged more than 5.3 trillion – yes, “trillion” – cyber attacks worldwide in 2021. That’s […]

Risk Management Framework (RMF): The Complete Guide for 2023

Art Clomera, Vice President, Operations Every organization has to manage risk in one form or another. Suppliers manage the risk of having too much or too little product in stock, legal risks are present in virtually every contract negotiation, and of course, insurance companies are built entirely on the principle of managing risk for their […]