Defense Unicorns’ Post

NIST SP 800-115 September 2008 supersedes  SP 800-42 (10/15/2003) Tagged: Technical Guide to Information Security Testing and Assessment The purpose of this document is to assist organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. It is listed as a common Methodology and Industry standard used by both Pen-Testers and Incident responders for scoping  and assessing the security posture of an organization You can find this NIST SP at https://lnkd.in/dT3YvbMA #penetrationtesting #riskassessment #securityassessment #securityexamination #securitytesting #vulnerabilityscanning

For some, the one publication they will recognize is FIPS 140-3, but the Cryptographic Module Validation Program (CMVP) is so much more than just that. The NIST SP 800-140x series supports Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and its associated validation testing program among other things. Clearly worth a read to those of us in the cyber security, and GRC realms. https://lnkd.in/eUftiE5f

🆕 Latest software launch makes it quicker and easier for federal organizations to determine NIST SP 800-53 security posture Available from today for both Nipper Enterprise and Nipper users, the NIST SP 800-53 reporting capability enables organizations to: - Drill down to NIST SP800-53 checks and testing procedures with automated pass/fail evidence of compliance - Determine the risk that each non-compliance poses to network security - Prioritize remediation by risk with advice for each non-compliance. This can be used to automate trouble-ticketing (Nipper Enterprise only) - Check that risk has been mitigated and the device is secure to 800-53 standards with proactive re-assessment capability (Nipper Enterprise only) Find out more > http://ow.ly/B49f104VG3h

🆕 Latest software launch makes it quicker and easier for federal organizations to determine NIST SP 800-53 security posture Available from today for both Nipper Enterprise and Nipper users, the NIST SP 800-53 reporting capability enables organizations to: - Drill down to NIST SP800-53 checks and testing procedures with automated pass/fail evidence of compliance - Determine the risk that each non-compliance poses to network security - Prioritize remediation by risk with advice for each non-compliance. This can be used to automate trouble-ticketing (Nipper Enterprise only) - Check that risk has been mitigated and the device is secure to 800-53 standards with proactive re-assessment capability (Nipper Enterprise only) Find out more > http://ow.ly/B49f104VG3h

🆕 Latest software launch makes it quicker and easier for federal organizations to determine NIST SP 800-53 security posture Available from today for both Nipper Enterprise and Nipper users, the NIST SP 800-53 reporting capability enables organizations to: - Drill down to NIST SP800-53 checks and testing procedures with automated pass/fail evidence of compliance - Determine the risk that each non-compliance poses to network security - Prioritize remediation by risk with advice for each non-compliance. This can be used to automate trouble-ticketing (Nipper Enterprise only) - Check that risk has been mitigated and the device is secure to 800-53 standards with proactive re-assessment capability (Nipper Enterprise only) Find out more > https://ow.ly/hUFJ50PPLtX

NIST Special Publication 800-12 Revision 1 An Introduction to Information Security https://lnkd.in/gFH-mt84

Rather than creating security programs from scratch, most practitioners will start implementing using a framework, like NIST CSF or even starting with a control framework like CIS. Yet, it's not always clear what implementation of a control & security framework would cost. Here's a good article of what implementation of different tiers would cost for a CMMC program: https://lnkd.in/gnczzKS5

Many a times, we hold off on publishing an article until it has 1️⃣  a strong vocabulary, 2️⃣ a clear structure, 3️⃣ is interesting, 4️⃣ is unique, etc. Similarly, we often put off ❌ implementing controls until later, reasoning that we should wait to * automate * get the best tool on board * have enough resources any many more reasons. However, we often fail to realise that compensating measures may also be used and can even partially assist in limiting risks, tomorrow never comes and we can never be satisfied with our articles' or controls' perfection. Optimal utilisation of resources and timely implementation are very important in Information security governance. #informationsecurity #informationsecurityawareness #awarenessmatters #grc

CISA lays out how to practice secure-by-design

DISA releases Ivanti Connect Secure STIG The Ivanti Connect Secure Security Technical Implementation Guide (STIG) is effective immediately upon release. Ask us about how IPKeys CLaaS can help you with hardening risk management across your porfolio / systems. #RMF #CLaaS #cybersecurity #cni https://lnkd.in/eU2qTiR3