we deliver
innovative
cybersecurity and computing
solutions
to protect
critical infrastructure
learn more about our patch management program
WE HAVE NEW SPEC SHEETS AVAILABLE HERE FOR DOWNLOAD.
news and events
CMMC Implementation – Level 2 Audit and Accountability
Apr 18, 2022
Introduction Audit trails maintain a record of system activity, and provide the ability to establish individual accountability, detect system anomalies, and reconstruct system events using key records. A robust Audit and Accountability program includes system...
Read MoreNERC CIP-013 NEW REGULATIONS
Mar 24, 2020
NERC CIP-013 SUPPLY CHAIN AUTHENTICITY AND INTEGRITY Source: Trace Bellassai, Cyber Security Solutions Engineer We're prepared for the NERC CIP changes, are you? Here at FoxGuard, we always try to stay ahead of the curve when it comes to new requirements and...
Read MoreTop 5 Touchscreen Interfaces
Mar 9, 2015
Top 5 Touchscreen Interfaces What are the most common types of touchscreen interfaces? Touchscreens have a very commonplace in our daily lives: cell phones, ATM’s, kiosks, ticket vending machines, and more. They all use touch panels to enable the user to interact with...
Read MoreRegulatory Compliance for Industrial Computing Products
Apr 17, 2023
Part One – What, Why, How? What is it, in the world of electronics? Regulatory Compliance can mean a lot of things in different industries, but for the Industrial Computing industry it signifies meeting the safety and environmental legal requirements in force for the...
Read MoreCMMC Implementation – Level 2 System and Information Integrity
Dec 13, 2022
Introduction A System and Information Integrity program is critical for managing risks from system weaknesses, malicious code intrusion, and application errors. System Flaws and Security Alerts Control3.14.1Identify, report, and correct system flaws in a timely...
Read MoreCMMC Quarterly Update – December 2022
Dec 13, 2022
There’s not much new in the world of CMMC. Joint assessments with C3PAOs and DIBCAC continue, but we all await the final 2.0 rules, which are still expected in the Spring of 2023. In the meantime, don’t stop preparing! Continue working through your POAMs,...
Read MoreCMMC Implementation – Level 2 System and Communications Protection
Dec 13, 2022
Introduction Policies and procedures for System and Communications Protection should adhere to applicable Federal laws, Executive Orders, standards and guidance. This area focuses on the exchange of information within a system or a network. Monitor, Control,...
Read MoreCMMC Implementation – Level 2 Security Assessment
Nov 9, 2022
Introduction As rapidly changing technologies and vulnerabilities materialize daily, organizations must have a security plan of action and milestones documented. This plan of action and milestones or POAM should be proactively followed by an assessment of the controls...
Read MoreCMMC Implementation – Level 2 Risk Assessment
Nov 2, 2022
Introduction A Risk assessment is a process of determining how effectively systems meet specific security objectives. A proper risk assessment plan should answer the following fundamental questions: What is the scope of the assessment?Who is authorized to conduct the...
Read MoreCMMC Implementation – Level 2 Physical Protection
Sep 23, 2022
Introduction Many of the NIST controls deal with the logical aspect of access to organizational systems; however, without appropriate controls in place to protect the physical facilities and equipment, the compromise of information systems and CUI is at great risk....
Read MoreCMMC Quarterly Update – September 2022
Sep 1, 2022
Rulemaking The rulemaking process for CMMC continues, with no updated timeline. This leads us to believe we can still expect CMMC requirements to start appearing in DoD contracts around May of 2023. Draft CMMC Assessment Process (CAP) The Cyber-AB has published a...
Read MoreCMMC Implementation – Level 2 Personnel Security
Aug 23, 2022
Introduction Onboarding procedures such as background screening and reference checking are not only important before the hiring process; those requesting access to systems containing Controlled Unclassified Information should undergo an in-depth level of scrutiny....
Read MoreASSET INVENTORY IN THE OT ENVIRONMENT
Aug 22, 2022
Asset Inventory in the OT EnvironmentTHE FIRST STEP ON THE PATH TO SECURE YOUR OT ENVIRONMENT We hear it all the time, “I don’t have an asset inventory” or “I didn’t even know that was connected to the network.” Asset inventory and baselining is not the exciting part...
Read MoreCMMC Implementation – Level 2 Media Protection
Aug 2, 2022
Introduction Your customer has provided you with Controlled Technical Information for designing a system … they have provided the information digitally and securely transported hard copy plans to you. How do you protect both types of media? System media includes...
Read MoreCMMC Implementation – Level 2 Maintenance
Jul 13, 2022
Introduction Maintenance is an imperative requirement for information security and applies to all hardware, firmware, operating systems, peripherals and the drivers, and all software applications. Lapse of maintenance could result in system vulnerability, opening the...
Read MoreCMMC Implementation – Level 2 Incident Response
Jun 21, 2022
Introduction Earlier in this blog series, we discussed the importance of system audit logs and the regular review of those logs, and system alerts for events that lead to a failure in the audit logging process. In this blog, we will look at what happens when...
Read MoreCMMC Quarterly Update – June 2022 – FoxGuard Solutions
Jun 6, 2022
Update on Rulemaking From an article published by Sara Friedman[1] of Inside Cybersecurity, the DoD now expects to release interim rules two months earlier than expected -- in March 2023 -- and include CMMC requirements in contracts by May 2023, after the conclusion...
Read MoreCMMC Implementation – Level 2 Identification and Authorization
May 31, 2022
Introduction Identification and Authentication is often the front-line defense of system security and is used to protect the system from unauthorized access. Identifiers Control3.5.1Identify system users, processes acting on behalf of users, and...
Read MoreCMMC Implementation – Level 2 Configuration Management
May 9, 2022
Introduction Red Hat defines Configuration Management as “a process for maintaining computer systems, servers, and software in a desired, consistent state”. [1] In other words, a company will have a complete catalog of its systems’ original configurations,...
Read MoreCMMC Implementation – Level 2 Awareness and Training
Apr 4, 2022
Introduction Don’t be fooled by the “easy” look of the three controls in the Awareness and Training family of NIST SP 800-171, which are requirements in CMMC 2.0. A training and awareness program takes a significant amount of time to plan and create, and...
Read MoreCMMC Implementation – Level 2 Access Control
Mar 15, 2022
Introduction In our last blog we looked at the CMMC Level 1 requirements derived from FAR 52.204-21, a number of which pertained to Access Control. This publication will look specifically at the Access Control requirements for CMMC Level 2, which are found in...
Read MoreCMMC Quarterly Update
Mar 2, 2022
CMMC Oversight Shifts to DoD CIO On February 2, the Deputy Secretary of Defense issued a Memorandum disestablishing the position of Chief Information Security Officer in the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD A&S) and...
Read MoreCMMC Implementation – Level 1 (the FAR)
Feb 22, 2022
Source: Barbara Wert, Sr. Regulatory Compliance Specialist Introduction In November 2021, FoxGuard provided an introduction to CMMC 2.0 (Current State of CMMC). One of the notable changes mentioned was the removal of extra controls in CMMC, leaving the revised...
Read MoreThe Current Status of CMMC
Dec 1, 2021
The Current State of CMMC
FORWARD MOVEMENT OF THE DIB, DISPITE THE UNKNOWNS
Early in November 2021, CMMC 2.0 was announced, and the changes are significant. What has changed? What hasn’t changed? Considering some of the strenuous objections to the changes that have been announced, what future modifications can be anticipated?
Read MoreFramatome launches FoxGuard EU to bring cybersecurity expertise to European market
Sep 7, 2021
September 7, 2021 – Framatome today announced the launch of FoxGuard EU at the International Cybersecurity Forum in Lille, France. This new business leverages the cybersecurity expertise of U.S.-based FoxGuard Solutions, a wholly owned subsidiary of Framatome, for the...
Read MoreCybersecurity / Resiliency is a path, not a destination
Jan 26, 2021
Source: Monta Elkins, FoxGuard Solutions Hacker In Chief It is not reliable if it is not secure.Ransomware has significantly affected companies abilities to deliver their product (and in some high profile cases, deliver other people’s products). A backup guards...
Read MoreDEFENDING THE NATION’S RENEWABLE ENERGY RESOURCES FROM CYBER ATTACK DURING A PANDEMIC
Dec 10, 2020
Technology tools (software and hardware) allow for rapid cyber security deployments.
Read MoreFoxGuard Solutions Teams Up with Industrial Defender
Nov 20, 2020
Transforming Patch and Vulnerability Management for OT Security Teams. This partnership combines Industrial Defender’s depth and breadth of asset data collection with FoxGuard’s ability to report, acquire, validate and deploy vendor-approved patch and vulnerability...
Read MoreFAR, DFARS, and CMMC, oh my …
Nov 4, 2020
Source: Barbara Wert, Sr. Regulatory Compliance Specialist Introduction Immediate action towards compliance to handling Federal “Controlled Information” (CI) is required for Government contractors and subcontractors who wish to be eligible for Department of Defense...
Read MoreCVE-2020-1472 Vulnerability
Sep 22, 2020
Source: Monta Elkins, Hacker-In-Chief The CVE-2020-1472 vulnerability allows an unauthenticated attacker to completely compromise all Active Directory services. This vulnerability has been dubbed “Zerologon” by the security company that discovered it, Secura (link to...
Read MoreNERC CIP requirements coming into effect
Aug 5, 2020
As electric utilities look towards furthering their compliance programs, consideration needs to be made around software integrity and authenticity. Of the new NERC CIP requirements coming into effect in October 2020, two of them deal with this concept – CIP-010-3 R1...
Read MoreNERC CIP NEW REGULATIONS ACTIVE JULY 1, 2020 – ARE YOU READY?
Apr 7, 2020
CHRISTIANSBURG, Va. Tuesday, April 2, 2019 - FoxGuard Solutions, Inc, as an active member of the NERC CIPC Supply Chain Working Group, was part of the discussions involving NERC CIP-010 and CIP-013 regulations that become enforceable this year. On July 1, 2020, a new...
Read MoreThe Other Side of Responsible Disclosure
Mar 10, 2020
Source: Michele Wright, Product Manager I have been part of several conversations recently and the topic of “responsible disclosure” seems to be coming up more and more. There are strong opinions around who needs what information at what time. There are many...
Read MoreHow to Mitigate Microsoft Vulnerabilities
Jan 16, 2020
(CVE 2020-0601), (CVE 2020-0609/2020-0610), (CVE 2020-0611) Source: Trace Bellassai Several serious security vulnerabilities have been made recently made public which affect Microsoft operating systems. Three vulnerabilities that are of significant...
Read MoreNation-State Supply Chain Attacks for Dummies and You Too
Jan 13, 2020
https://www.youtube.com/watch?v=XXm-WOx1GRg Back in October 2018, “Bloomberg” recounted a Chinese supply-chain attack on Supermicro motherboards used in servers for Amazon, Apple, and more than 20 other...
Read MoreASUA Global Force Symposium & Exposition
Mar 17, 2020
The 2020 AUSA Global Force Symposium & Exposition is a three-day event that will include presentations from the Office of the Assistant Secretary of the Army (Acquisition, Logistics and Technology), the United States Army Materiel Command, and the United States...
DetailsFoxGuard Solutions, Inc. Designs a Computer to Support Varjo’s XR-1 Developer Edition Headset, To be Showcased at I/ITSEC 2019
Nov 26, 2019
CHRISTIANSBURG, Va., Nov. 26, 2019 /PRNewswire/ -- Varjo™, the technology leader in industrial-grade VR/XR headsets released its Varjo XR-1 Developer Edition headset this fall (announced in May 2019, but not released to the market yet)....
Read MoreProtect Our Power
Jan 27, 2020
Come see our very own Monta Elkins speak 8:45 – 9:30 on Vulnerability Disclosure. Protect Our Power’s 2nd Best Practices – Utility Cybersecurity conference, will provide critical updated information for anyone who can benefit from learning from or contributing to best practices for the utility cyber sector. Taking place immediately before the opening of DistribuTECH, this conference is a must-see.
DetailsI/ITSEC
Dec 2, 2019
We are excited to be attending I/ITSEC again this year. Please come visit booth #2123 if you are in the area. The Interservice/ Industry Training, Simulation and Education Conference (I/ITSEC) is the world’s largest modeling, simulation and training event. Held near the beginning of December in Orlando, Florida, USA.
DetailsS4x2020 ICS Security Conference
Jan 20, 2020
We are excited to be a part of the S4x20 ICS Security conference again this year. Please come out and see us if you are in the area. Set free a conservative, slow-moving, change-resistant community to discover new ideas and come up with innovative ways to use these new ideas to deploy secure, resilient and better ICS.
DetailsSoftware Integrity and Authenticity
Oct 30, 2019
Source: Michele Wright, Product Manager As electric utilities look towards furthering their compliance programs for 2020, consideration needs to be made around software integrity and authenticity. Of the new NERC CIP requirements coming into effect next year (July 1,...
Read More“It isn’t possible,” they said. Challenge is what our “hacker-in-chief” heard.
Oct 30, 2019
Source: Trace Bellassai, Client Operations Engineer“It’s not possible,” they said when they saw the Bloomberg article. “There’s no chip that small capable of doing that”. Well, that’s what everyone thought, until our very own Hacker-In-Chief, Monta Elkins, proved that...
Read MoreFoxGuard Solutions Joins The Framatome Family
Oct 16, 2019
FOR IMMEDIATE RELEASE Framatome announces the acquisition of FoxGuard Solutions, a U.S. company dedicated to the field of integrated cybersecurity, industrial computing, and regulatory compliance solutions. “We are very pleased to welcome FoxGuard Solutions to...
Read MoreFoxGuard Joins Framatome!
Oct 1, 2019
FoxGuard Solutions announced on 10/1/2019 that it has joined the Framatome Inc. family, as a wholly owned subsidiary. Framatome is an international leader in nuclear energy recognized for its innovative solutions and value-added technologies for the global nuclear...
DetailsEnergy Sector Asset Management
Sep 26, 2019
A PRACTICAL GUIDE – ENERGY SECTOR ASSET MANAGEMENTOver the past several months, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has been working on a cybersecurity project involving asset...
Read MoreVarjo Accelerates Global Expansion with Opening of US Headquarters
Sep 4, 2019
Company exhibits strong momentum to better serve key markets with opening of first US office, growth of reseller network and launch of shipping to Japan Helsinki – September 5, 2019 – Varjo™, the technology leader in industrial-grade VR/XR headsets, today...
Read Moree-Waste: Is Your Product Compliant?
Aug 26, 2019
E-WASTE: IS YOUR PRODUCT COMPLIANT?Reclamation of metals and alloys in EEE, such as silver, gold, and copper, is one important benefit of regulating e-waste; however, protection for human health and the environment from the release of harmful chemicals contained in...
Read MoreCOMPLIANCE UPDATES
Aug 26, 2019
Source: Barbara Wert, Sr. Regulatory Compliance Specialist RoHS – RECAST v. AMENDMENT Contrary to what many believe, the updated requirement under 2015/863 for compliance to ten substances rather than six does not constitute the “next generation” of RoHS. As of...
Read MoreDefCon
Aug 9, 2019
Nation State Supply Chain Attacks for Dummies -or- Chipping Cisco Firewalls August 9, 2019 4:00 PM Back in October 2018, Bloomberg recounted a Chinese supply-chain attack on Supermicro motherboards used in servers for Amazon, Apple and more. Here is how Monta...
DetailsCyberSenate
Sep 24, 2019
“Protecting and Securing Digital Transformation” 6th Annual INDUSTRIAL CONTROL CYBERSECURITY USA CONFERENCE
DetailsNavy Palt
Jul 9, 2019
Purpose: Provide updated information and status of ongoing acquisitions, which have been formally announced via FedBizOpps, Navy Electronic Commerce Online, TSIS or the NAWCTSD Business Opportunities webpage. There is no agenda; this is industry’s opportunity to ask...
DetailsDEFENDING THE NATION’S DISTRIBUTED ENERGY RESOURCES FROM CYBER ATTACK
Apr 2, 2019
DEFENDING THE NATION’S DISTRIBUTED ENERGY RESOURCES FROM CYBER ATTACKwith FoxGuard Solution’s In Depth Strategy for Securing Industrial Control Systems CHRISTIANSBURG, Va. Tuesday, April 2, 2019 - FoxGuard Solutions, Inc. is engaged and partnered with Lawrence...
Read MoreDebunking the Mystery of the Update Rollups
Mar 21, 2019
Source: JC Boysha, IT System AdministratorIf you’ve been in the game awhile you know that Windows Updates used to be pretty straight-forward. They consisted of a list of patches, each with their own associated KB (or Knowledge Base) article indicating what they were...
Read MoreNIST SP 800-37 Revision 2 PUBLISHED
Jan 2, 2019
Barb Wert, Regulatory Compliance SpecialistToday the National Institute of Standards and Technology (NIST) published Revision 2 of SP 800-37 – Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and...
Read More