CIS controls and automation—Why they are better together

For federal government agencies, it is not only a priority but a mandated requirement that the contractors and vendors they do business with have hardened cybersecurity compliance controls that secure their networks and protect the data and information they house.…

Strengthening federal software supply chains through the power of automation

This article originally appeared on SteelCloud’s official blog. When you mix all the Executive Orders, NIST standards, SBOMs, CUI, and critical software together, your organization will have a more secure supply chain. But it’s all just a mishmash of…

How federal agencies are automating cyber compliance problem solving with their CBOM

Just as federal agencies need a software bill of materials (SBOM) in order to have a detailed breakdown of their supply chain relationships of open-source and commercial software components, government organizations also need to apply those same principles to their…

Why a CBOM is the cyber compliance solution every government agency needs

This article originally appeared on SteelCloud’s official blog. A software bill of materials (SBOM) is something everyone in the cybersecurity field knows and understands. It was even mandated by President Biden in his Executive Order on Improving Our Nation’s…

A CMMC 2.0 rule release is around the corner—What DIB and FSI organizations need to know about Level 2

It seems that any day now the U.S. Department of Defense (DoD) will announce its rulemaking on the Cybersecurity Maturity Model Certification (CMMC) 2.0. According to the CMMC policy Director for the Office of the Undersecretary of Defense for Acquisition…

Time to get ready for CMMC 2.0

Cybersecurity Maturity Model Certification (CMMC) 2.0 is here. If your company is not prepared, the time to get ready is now, or your company may risk losing business with the Department of Defense (DoD). The CMMC program requires cyber protection…

How the Defense Industrial Base Can Prepare for CMMC Level 2+

The Defense Industrial Base (DIB), the organizations that make up the U.S. Department of Defense’s (DoD) supply chain, is massive, comprising hundreds of thousands of government contractors. With these organizations providing essential products, tools, and applications to…

The Early Bird Gets the Worm, When It Comes to CMMC and the DIB

This article originally appeared on SteelCloud’s official blog site. The Department of Defense’s CMMC (Cybersecurity Maturity Model Certification) program has undergone multiple changes, revisions, updates, and organizational shifts over the last two and a half years. As a result, DoD…

Adopting a Reference Architecture for CMMC Readiness

For companies in the U.S. Defense Industrial Base, CMMC represents a major change in how to think about security and compliance. As business leaders and IT professionals prepare to have their networks and cybersecurity practices assessed and certified, many are…

Nation-state attack on government validates concerns about AppSec and supply chain security

One of the top trends that we witnessed covering government and military cybersecurity in 2020 – aside from the massive upswing in threats that accompanied the ongoing COVID-19 pandemic – was a renewed and increased focus on securing the supply…