SteelCloud COO on why federal government agencies should take full advantage of the commercial cloud

As the federal government continues to ride the waves of digital transformation and network modernization, many agencies have decided to migrate their applications, workloads, and services – which have been traditionally managed on-prem…

How the Defense Industrial Base Can Prepare for CMMC Level 2+

The Defense Industrial Base (DIB), the organizations that make up the U.S. Department of Defense’s (DoD) supply chain, is massive, comprising hundreds of thousands of government contractors. With these organizations providing essential products, tools, and applications to…

The Early Bird Gets the Worm, When It Comes to CMMC and the DIB

This article originally appeared on SteelCloud’s official blog site. The Department of Defense’s CMMC (Cybersecurity Maturity Model Certification) program has undergone multiple changes, revisions, updates, and organizational shifts over the last two and a half years. As a result, DoD…

How DoD organizations can get a handle on zero trust

As the U.S. Department of Defense (DoD) continues to transition and adopt zero trust cybersecurity frameworks for its IT networks and infrastructure, the Department is also urging all of its disparate agencies and organizations to follow suit. But before DoD…

Why a zero trust framework is the most effective at securing federal agency networks

As malicious cyber actors continue to improve and refine their techniques for penetrating and exploiting vulnerabilities in federal government agency networks, the single-verification cybersecurity models that agencies have historically implemented are no longer capable of preventing breaches and attacks.…

Four Automation Targets That Can Help Overcome the Federal Cyber Workforce Shortage

Since the beginning of the COVID pandemic, cyberattacks have become increasingly frequent and sophisticated, looking to leverage a changing IT landscape that resulted as government agencies and their IT teams worked to enable the “new normal” of a distributed workforce.…

Improving Cyber Situational Awareness with Compliance Automation

Today’s federal government and military are facing workforce shortages and vacancies in many important positions. However, none of these vacancies are as potentially harmful to the security of our nation as the shortages that exist in our federal cybersecurity workforce.…

Using STIGs to Accelerate CDM Compliance

As part of the Executive Order on Improving the Nation’s Cybersecurity (Executive Order), Federal Civilian Executive Branch (FCEB) Agencies need to establish or update their Memoranda of Agreement with CISA for the CDM (Continuous Diagnostics and Mitigation) program to ensure that…

STIGs For Dummies

For both government organizations and their mission partners, addressing STIG compliance for RMF, FISMA, DevSecOps, FedRAMP, and now the new CMMC mandates, has always been challenging, especially when these organizations depend on tedious manual processes. Kenneth Hess, the author, funnels decades…

eMASS Automation – The Search for a Solution to Unite and Automate Security Compliance Data

eMASS, or the Enterprise Mission Assurance Support Service, was developed by the DoD, in part, as a repository that unites technical/machine data generated from endpoint scans with the human/non-technical data documented by security/IA personnel. Imagine a 1,000-workstation environment that quickly…