Cyber Security and Information Systems Information Analysis Center
Historically, an organization developed a Cybersecurity program to achieve compliance. It has been our experience, organizations which achieve full compliance cannot continue to operate because of strict Compliance requirements and the lack of a functional Cybersecurity program. The lack of a functional Cybersecurity program enables methodologies found Read More
Stephen Brewster is a graduate of Capitol Technology University with a Masters in Information Assurance Engineering. Stephen has expertise in software assurance, systems integration and testing, and cybersecurity governance and risk management. Mr. Brewster developed software for military logistics planning shortly after finishing his bachelors in Computer Read More
Dr. Rampaul Hollington completed 21 years in the US Army, retiring as a Chief Warrant Officer 3. While on active duty, Dr. Hollington served as an Information Assurance Manager, an Information Assurance Security Officer, Information System Security Officer and COMSEC Custodian. Over the past 11 years, Dr. Hollington worked in support of Cyber programs for Read More
This update to NIST Special Publication 800-37 (Revision 2) responds to the call by the Defense Science Board, Executive Order 13800, and OMB Memorandum M-17-25 to develop the next-generation Risk Management Framework (RMF) for information systems, organizations, and individuals. There are seven major objectives for this update: Provide closer Read More
Software assurance (SwA) is the “level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software, throughout the life cycle.” [4] The latest change to Department of Defense (DoD) Instruction (DoDI) 5000.02, Operation of the Defense Acquisition System Read More
This is the edited chat log from the CSIAC Webinar, "Applying the Top 20 Critical Controls for Risk Assessment". Notice: This content may contain personal or third-party views and opinions not associated with the government. Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/ Jack R: Is the Return for being Read More
This webinar will introduce attendees to the Center for Internet Security (CIS) Top 20 Critical Security Controls. Tools and techniques to implement the controls will be discussed. With the uncertainty and risks associated with the Internet of Things (IoT), it is essential to understand how to assess a system or a business network and implement controls to Read More
Embedded devices are increasingly connected to network resources for additional functionality with the ultimate goal of greater mission capability. Recently, security of connected devices is being scrutinized with highly publicized vulnerabilities of various consumer devices. While several domains are starting to publish new guidelines for cybersecurity Read More
This is the edited chat log from the CSIAC Webinar, "eMASS, the True Story". Notice: This content may contain personal or third-party views and opinions not associated with the government. Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/ Cragin S: I think the foot stomp here is that eMASS is NOT RMF... it is a Read More
The use of manual methods to monitor system controls has essentially become impractical due to the growing number of applicable controls and the increasing frequency at which they are to be evaluated (for the RMF’s near real-time risk assessment). Instead, the NIST guidance strongly suggests that automation be used, to the extent possible, to generate, Read More
