Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

My first introduction to UNIX remote access was via telnet and rsh protocols in college, which was the standard method at the time. But I soon started reading articles about how easy it was for someone to sniff the network and capture passwords since they were being transmitted in plaintext. On the shared network segments common to university campuses and early enterprise environments, the tools to intercept traffic were freely available, well-documented, and required very little skill to use.

NIST Special Publication 800-171 defines a precise set of security requirements for organizations that handle Controlled Unclassified Information (CUI) outside of federal systems. For defense contractors, subcontractors, and their engineering teams, these controls are non-negotiable with the advent of the Cybersecurity Maturity Model Certification (CMMC) program, which dictates how CUI must be accessed, logged, transmitted, and protected across every system in scope. That scope is shifting.

Josh Rector is the Compliance Director, Public Sector at Ace of Cloud, a security and compliance consulting firm, certified CMMC Third-Party Assessor Organization (C3PAO), and Registered Provider Organization (RPO). With more than a decade of experience in cybersecurity compliance, he has worked both sides of the assessment table, leading internal and external assessments, serving as ISSO for systems at federal agencies, and guiding cloud service providers through the FedRAMP authorization process.

Agentic AI workloads are shipping to production on Kubernetes faster than the standards to secure them. Many teams deploying autonomous, tool-calling agents as containerized microservices do so without a shared baseline for securing or monitoring those containers. The CNCF AI Technical Community Group recently published a comprehensive article on cloud-native agentic standards, marking the first attempt to define best practices for such deployments.