How Government Agencies Defend Against Increasing Cyberthreats

Whether military, a civilian agency, or even a public education institution, organizations across the public sector have witnessed a substantial increase in cyberattacks. There were a number of hits on education around this time last year, and then on health-related agencies as the COVID-19 pandemic struck. So, how do government agencies ensure their security posture is up to the task of defending against increasingly opportunistic forces of evil?


TL;DR: NIST Guidance on Zero Trust Architecture (ZTA)

On 11 August, the National Institute of Standards and Technology (NIST) released a 50-page guidance document on Zero Trust Architecture (ZTA), specifically with the enterprise in mind. It is not intended to be a single deployment plan for ZTA, as every enterprise will have unique use cases and assets that need protection. We’ve pored over the guidance to provide a TL;DR; you can read the full publication here.


The NIST Cybersecurity Framework: 5 core functions and how to align with them using AD360

The Cybersecurity Framework (CSF) was developed by the National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce. This framework was created through collaboration between various private-sector and government experts to provide a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.


Final Version of NIST SP 1800-23 Guides Identification of Threats to OT Assets

In September 2019, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) announced the release of a draft practice guide entitled, “NIST Special Publication (SP) 1800-23: Energy Sector Asset Management.” The NCCoE spent the next two months collecting comments from the public to improve their guide. They then used this feedback to improve upon their initial draft. But the wait is finally over.


Risk Assessment Checklist NIST 800-171

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is a subset of IT security controls derived from NIST SP 800-53. NIST SP 800-53 provides a catalog of cybersecurity and privacy controls for all U.S. federal information systems except those related to national security. The IT security controls in the “NIST SP 800-171 Rev.


Security configurations-Part one: 7 reasons why security configurations are crucial to your security blueprint

Security configurations are security-specific settings used to secure heterogeneous endpoints such as servers, desktops, laptops, mobile devices, and tablets. As endpoints in your network diversify, securing each endpoint becomes a challenge. One way to ensure effective endpoint security is by automating it, which is where security configurations come into play. Security configurations are utilized to secure and control every facet of your network.


What is NIST Special Publication 800-37 Revision 2?

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 revision 2 is a Risk Management Framework for Information Systems and Organizations: A System Lifecycle Approach for Security and Privacy. NIST SP 800-37 rev 2 was published in December of 2018 and describes the Risk Management Framework (RMF) and guidelines on how to apply RMF to information systems.


Helping the Federal Government with NIST SP 800-53 Compliance

StackRox has had Federal intelligence, military, and civilian agencies at the heart of our customer base since our inception. Our extensive work with the Department of Homeland Security, our backing from In-Q-Tel, and our work across multiple U.S. Intelligence Community agencies have shaped our product and brought additional rigor to our development process.


Now Is the Time to Get up to Speed with CMMC and SP 800-171 Rev 2

At the beginning of March 2020, Fifth Domain reported that Colorado-based aerospace, automotive and industrial parts manufacturer Visser Precision LLC had suffered a DoppelPaymer ransomware infection. Those behind this attack ultimately published information stolen from some of Visser’s customers. Those organizations included defense contractors Lockheed Martin, General Dynamics, Boeing and SpaceX.