Skip to main content
DHS Logo

DHS launching a CDO office and CMMC-like risk management program!

Acting CDO Carlene Lleto is working on eight priority domains that include immigration, law enforcement and cybersecurity. The need for CDO offices was revealed during the COVID-19 pandemic. DHS launched a department wide COVID 19 vaccination campaign in partnership with Department of Veterans Affairs health center. The problem arose when DHS needed to get in contact with workers and it required “extensive time and effort to collecting and reconciling many different datasets from across the department.”

Continue reading

3 Myths About CMMC

Myth #1: You can prepare for a CMMC Audit by comparing cybersecurity posture to NIST SP 800-171 controls.  Myth #2: DoD Contractors need to be certified by an Accredited Assessor to bid on an RFP.   Myth #3: Organizations using the CMMC logo on their website to suggest they are already aligned with the CMMC Accreditation Body (CMMC-AB) for pre-assessment purposes. 

Continue reading

What is Cybersecurity?

The world relies on technology more than ever before. As a result, digital data creation has surged. Today, businesses and governments store a great deal of that data on computers and transmit it across networks to other computers. Devices and their underlying systems have vulnerabilities that, when exploited, undermine the health and objectives of an organization. 

Continue reading

Information Management and Security Incorporation

CUI serves as a label to simplify the ways that information is safeguarded and shared both within and amongst Executive Agencies and their customers. CUI provides universality by allowing for a standardized system of protection used by all Executive Agencies that will minimize any potential gaps in practice that may vary from agency to agency. In today’s world, agencies managing CUI must also manage risk from telework due to COVID.

Continue reading

Identity

NIST Special Publication 800-63B Digital Identity Guidelines

NIST Special Publication 800-63B Digital Identity Guidelines, Authentication and Lifecycle Management includes choices of authenticators that may be used at various Authenticator Assurance Levels (AALs) for use by the US Federal Government.  Authenticators are used to authenticate a user to a resource’s access control mechanism.  Examples of authenticators include credit cards with chips, US Federal Government Personal Identity Verification (PIV) cards and DoD Common Access Cards (CACs). 

Continue reading

Spectre and Meltdown

Spectre and Meltdown are attacks on computing systems that exploit characteristics inherent to most modern computer processors. Specifically, Meltdown is recognized to affect Intel and ARM processors, while Spectre is known to affect Intel, AMD and ARM processors.

Continue reading

Computer Motherboard

The Return of ROCA

The Return of Coppersmith’s Attack (ROCA) is a recently discovered vulnerability in a cryptographic library used in some Infineon Technologies AG chips. It enables an attacker to practicably determine an RSA private key given an RSA public key. Quantum computers, while still in their infancy, will one day be capable of finding private keys like those used in RSA and other asymmetric cryptographic algorithms.

Continue reading

Secret Link