Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Privileged passwords should be used wisely. These credentials, also called secrets, provide a user with access to protected accounts, systems, networking hardware, cloud instances, and applications. Since privileged accounts also have elevated permissions, passwords to these accounts are often targeted by cybercriminals. In fact, weak, reused, and compromised passwords are the cause of 81% of all data breaches according to the Verizon 2019 Data Breach Investigations Report.

NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST SP 800-171 or NIST 800-171), provides federal agencies with a set of guidelines designed to ensure that Controlled Unclassified Information (CUI) remains confidential and unchanged in nonfederal systems and organizations.

NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations (NIST SP 800-53 or NIST 800-53), establishes an information security standard for the federal government. Specifically, NIST 800-53 establishes security controls and privacy controls for federal information systems and organizations excluding those involved with national security.

The NIST Cybersecurity Framework provides a framework, based on existing standards, guidelines and practices for private sector organizations in the United States to better manage and reduce cybersecurity risk. In addition to helping organizations prevent, detect and respond to cyber threats and cyber attacks, it was designed to improve cybersecurity and risk management communications among internal and external stakeholders. The framework is increasingly adopted as best practice, with 30% of U.S.

Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” directed the development of the voluntary Cybersecurity Framework that provides a prioritized, flexible, repeatable, performance-based and cost-effective approach to manage cybersecurity risk for those processes, information and systems directly involved in the delivery of critical infrastructure services.

Industrial organizations face a growing list of digital threats these days. Back in April 2019, for instance, FireEye revealed that it had observed an additional intrusion by the threat group behind the destructive TRITON malware at another critical infrastructure.

The NIST Cybersecurity Framework (CSF) has only been around for four years and while developed for critical infrastructure, resulting from Executive Order 13636, it has been widely adopted across both private and public sectors and organizational sizes. It is used inside of the US government, with 20 states using it (at last count).

Today we are very excited to announce our latest release — Sysdig Secure 2.3! In this version of Sysdig Secure, we have invested heavily in hardening the compliance posture of Kubernetes, Docker configurations, and container images. We have released a set of features that provide compliance focused image scanning, guided remediation, compliance dashboards, and more.