Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


What You Need to Know About the NIST Cybersecurity Framework 2.0

Ten years ago, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework (CSF) 1.0 following an Executive Order from President Obama to help companies and governments facing cybersecurity attacks. In 2014, data breaches were escalating. Major Fortune 500 companies and household names, such as Target, Yahoo, 7-11, Visa, and more, experienced heaps of customer data theft, online fraud and attacks from malware.

How CMMC Will Improve Your Cybersecurity Posture

In the ever-evolving landscape of cybersecurity, safeguarding critical data from unauthorized access is paramount. Our recent webinar, “Shut the Front Door,” provided invaluable insights aimed at business leaders, operations executives, and IT managers within the government contracting community, emphasizing the necessity of robust access control measures and adherence to regulations like the FAR, DFARS, and NIST 800-171.

NIST CSF 2.0 - SDLC for Continuous Improvement of Security

This is an analysis of the impacts and implications on cybersecurity practices, benefits, challenges, and how to deal with the transition to the new NIST CSF 2.0 framework. NIST released an update to its Cyber Security Framework (CSF) in February 2024. Two of the most obvious takeaways from this version are the addition of a new pillar and the expansion of its application beyond critical infrastructure.

SSDF BSIMM mapping updated for BSIMM14

In early March 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released its final Secure Software Development Attestation Form instructions, sparking a renewed urgency around understanding and complying with 31 of the 42 tasks in NIST SP 800-218 Secure Software Development Framework (SSDF) version 1.1.

DFARS 7012 Class Deviation and NIST 800-171 Rev 3 Guidance for DIBs

NIST 800-171 revision 3 was released on May 14, 2024, prompting DoD to issue an indefinite class deviation for DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012). US Defense Industrial Base (DIB) contractors must now comply with NIST SP 800-171 revision 2 rather than the version in effect at the time the solicitation is issued, as was previously required.

Making Data Integrity Easy: Simplifying NIST CSF with Tripwire

When you think of the cybersecurity "CIA" triad of Confidentiality, Integrity, and Availability, which one of those is most important to your organization? While the answer may vary by season for your organization, there is no argument that they are all equally vital sides of that CIA triangle, and each deserves the correct level of care and attention.

Compliance, collaboration, and communication: The benefits of NIST CSF 2.0

As regulatory mandates and frameworks continue to emerge, cybersecurity leaders must continue to adapt to more than just the latest threat actor tactics, techniques, and procedures. As part of our ongoing webinar series centered on compliance, SecurityScorecard’s Senior Product Marketing Manager, Devaney Devoe, moderated a discussion with Adam Bixler (Principal, Squadra Ventures), Christopher Strand (SecurityScorecard’s Global Risk Officer), and Steve Cobb (CISO, SecurityScorecard).

NIST CSF 2.0: A Deeper Dive into Middle-Earth

Sequels, bah! Usually, they are never as good as the first. Do not even speak of prequels! This is less of a sequel, and rather should be considered a continuation of the first blog. In line with the original blog, there will be a few references to Tolkien’s Lord of the Rings. So, without further ado, you have my sword, and you have my bow, and my axe, or, at the very least, some of my NIST CSF 2.0 insights.