Orlee Berlove, Author at Security Boulevard
What DIB Companies Handling Controlled Unclassified Information (CUI) Need to Know About CMMC 2.0

(Hint: Comply with NIST SP 800-171) The Department of Defense (DoD) has released updates to its CMMC (Cybersecurity Maturity Model Certification) framework. CMMC 2.0 is a streamlined version of the original model, one that aims to lower costs and simplify the program. The new framework drops the number of ...

Pragmatic Ransomware Protection for Small Businesses

Small to medium-sized businesses have traditionally paid little attention to cybersecurity. They assume that they’re safe because they don’t have the sort of sensitive data attackers are after. But ransomware changes the game. The threat ransomware poses to business is not only of data exposure, but also of disrupted ...

It’s Security, Stupid

Why Defense Organizations Need to Comply with NIST 800-171
The Department of Defense introduced CMMC in 2019 to better defend the vast attack surface that the DIB presents to cybercriminals. Knowing that over $500 billion is lost each year to our nation’s adversaries, CMMC aimed to improve the overall cybersecurity ...

What DIB Companies Need to do While We Wait for CMMC 2.0

DoD’s Office of the Under Secretary of Defense for Acquisition and Sustainment recently issued a long-awaited statement regarding updates to its Cybersecurity Maturity Model Certification (CMMC) program. The DoD introduced CMMC 2.0, streamlining the CMMC program via a significant set of changes including lowering the number of CMMC levels from ...

Ensuring FIPS 140-2 Compliance – Caveat Emptor

How to know if your vendor is complying with NIST standards for FIPS 140-2
Defense contractors looking to comply with NIST 800-171 know they need to protect all Controlled Unclassified Information (CUI) both at rest and in transit with FIPS 140-2 validated encryption. And this requirement can extend to not ...

PreVeil Launches Self-Service

PreVeil customers can now purchase directly on preveil.com. PreVeil customers can now buy individual or business monthly subscriptions from the preveil.com website using a credit card. Both plans offer unlimited encrypted storage for PreVeil Drive as well as PreVeil Email messaging. The Individual plan costs $25/month. The Business plan adds ...

PreVeil’s FedRAMP Story

Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 establishes clear guidelines for how defense companies can store and process Controlled Unclassified Information (CUI) in the cloud as well as standards for the cloud services they use. Contractors must ensure that cloud service providers (CSPs) meet FedRAMP Moderate Baseline or equivalent and ...

CMMC Mandate to Enhance Cybersecurity is Clear

The need to defend against cyberattacks that threaten U.S. advantages in the military is becoming more and more obvious every day. The Department of Defense (DoD) is intent on better defending the vast attack surface that the Defense Industrial Base (DIB) presents to adversaries and is taking action to do ...

A Zero Trust Model for Securing Communications and Collaboration

President Biden’s May 2021 Executive Order on Improving the Nation’s Cybersecurity mandates rapid development of plans by every federal agency for modernizing their approach to cybersecurity. One of the most crucial improvements called for is the implementation of Zero Trust Architecture. The Executive Order (EO) makes clear that Zero ...

Password attacks on Microsoft highlight the need for Passwordless Zero Trust Systems

Nobelium, the hackers behind the SolarWinds hack, have struck again. The hacking group, linked to Russia’s Foreign Intelligence Service by U.S. authorities, attacked Microsoft customer support systems. They installed malicious information-stealing software into Microsoft’s systems and then used that stolen data to attack Microsoft customers. While Microsoft reports that most ...