We deliver innovative cybersecurity and computing solutions to protect critical infrastructure


news and events

News

CMMC Implementation – Level 2 Audit and Accountability

Introduction Audit trails maintain a record of system activity, and provide the ability to establish individual accountability, detect system anomalies, and reconstruct system events using key records.  A robust Audit and Accountability program includes system...

Read More
News

NERC CIP-013 NEW REGULATIONS

NERC CIP-013 SUPPLY CHAIN AUTHENTICITY AND INTEGRITY Source: Trace Bellassai, Cyber Security Solutions Engineer We're prepared for the NERC CIP changes, are you? Here at FoxGuard, we always try to stay ahead of the curve when it comes to new requirements and...

Read More
News

Top 5 Touchscreen Interfaces

Top 5 Touchscreen Interfaces What are the most common types of touchscreen interfaces? Touchscreens are very commonplace in our daily lives: cell phones, ATMs, kiosks, ticket vending machines, and more. They all use touch panels to enable the user to interact with...

Read More
News

Regulatory Compliance for Industrial Computing Products

Part One – What, Why, How? What is it, in the world of electronics? Regulatory Compliance can mean a lot of things in different industries, but for the Industrial Computing industry it signifies meeting the safety and environmental legal requirements in force for the...

Read More
News

CMMC Quarterly Update – December 2022

There’s not much new in the world of CMMC. Joint assessments with C3PAOs and DIBCAC continue, but we all await the final 2.0 rules, which are still expected in the Spring of 2023. In the meantime, don’t stop preparing!  Continue working through your POAMs,...

Read More
News

CMMC Implementation – Level 2 Security Assessment

Introduction As rapidly changing technologies and vulnerabilities materialize daily, organizations must have a security plan of action and milestones documented. This plan of action and milestones or POAM should be proactively followed by an assessment of the controls...

Read More
News

CMMC Implementation – Level 2 Risk Assessment

Introduction A Risk assessment is a process of determining how effectively systems meet specific security objectives. A proper risk assessment plan should answer the following fundamental questions: What is the scope of the assessment? Who is authorized to conduct the...

Read More
News

CMMC Implementation – Level 2 Physical Protection

Introduction Many of the NIST controls deal with the logical aspect of access to organizational systems; however, without appropriate controls in place to protect the physical facilities and equipment, the compromise of information systems and CUI is at great risk....

Read More
News

CMMC Quarterly Update – September 2022

Rulemaking The rulemaking process for CMMC continues, with no updated timeline. This leads us to believe we can still expect CMMC requirements to start appearing in DoD contracts around May of 2023. Draft CMMC Assessment Process (CAP) The Cyber-AB has published a...

Read More
News

CMMC Implementation – Level 2 Personnel Security

Introduction Onboarding procedures such as background screening and reference checking are not only important before the hiring process; those requesting access to systems containing Controlled Unclassified Information should undergo an in-depth level of scrutiny....

Read More
News

ASSET INVENTORY IN THE OT ENVIRONMENT

Asset Inventory in the OT Environment: THE FIRST STEP ON THE PATH TO SECURE YOUR OT ENVIRONMENT We hear it all the time, “I don’t have an asset inventory” or “I didn’t even know that was connected to the network.” Asset inventory and baselining is not the exciting part...

Read More
News

CMMC Implementation – Level 2 Media Protection

Introduction Your customer has provided you with Controlled Technical Information for designing a system … they have provided the information digitally and securely transported hard copy plans to you.  How do you protect both types of media? System media includes...

Read More
News

CMMC Implementation – Level 2 Maintenance

Introduction Maintenance is an imperative requirement for information security and applies to all hardware, firmware, operating systems, peripherals and the drivers, and all software applications. Lapse of maintenance could result in system vulnerability, opening the...

Read More
News

CMMC Implementation – Level 2 Incident Response

Introduction Earlier in this blog series, we discussed the importance of system audit logs and the regular review of those logs, and system alerts for events that lead to a failure in the audit logging process.  In this blog, we will look at what happens when...

Read More
News

CMMC Quarterly Update – June 2022 – FoxGuard Solutions

Update on Rulemaking From an article published by Sara Friedman[1] of Inside Cybersecurity, the DoD now expects to release interim rules two months earlier than expected -- in March 2023 -- and include CMMC requirements in contracts by May 2023, after the conclusion...

Read More
News

CMMC Implementation – Level 2 Configuration Management

Introduction Red Hat defines Configuration Management as “a process for maintaining computer systems, servers, and software in a desired, consistent state”.  [1]  In other words, a company will have a complete catalog of its systems’ original configurations,...

Read More
News

CMMC Implementation – Level 2 Awareness and Training

Introduction Don’t be fooled by the “easy” look of the three controls in the Awareness and Training family of NIST SP 800-171, which are requirements in CMMC 2.0.  A training and awareness program takes a significant amount of time to plan and create, and...

Read More
News

CMMC Implementation – Level 2 Access Control

Introduction In our last blog we looked at the CMMC Level 1 requirements derived from FAR 52.204-21, a number of which pertained to Access Control.  This publication will look specifically at the Access Control requirements for CMMC Level 2, which are found in...

Read More
News

CMMC Quarterly Update

CMMC Oversight Shifts to DoD CIO On February 2, the Deputy Secretary of Defense issued a Memorandum disestablishing the position of Chief Information Security Officer in the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD A&S) and...

Read More
News

CMMC Implementation – Level 1 (the FAR)

Source: Barbara Wert, Sr. Regulatory Compliance Specialist Introduction In November 2021, FoxGuard provided an introduction to CMMC 2.0 (Current State of CMMC). One of the notable changes mentioned was the removal of extra controls in CMMC, leaving the revised...

Read More
News

The Current Status of CMMC

The Current State of CMMC
FORWARD MOVEMENT OF THE DIB, DESPITE THE UNKNOWNS

Early in November 2021, CMMC 2.0 was announced, and the changes are significant. What has changed? What hasn’t changed? Considering some of the strenuous objections to the changes that have been announced, what future modifications can be anticipated?

Read More
News

Cybersecurity / Resiliency is a path, not a destination

Source: Monta Elkins, FoxGuard Solutions Hacker In Chief It is not reliable if it is not secure. Ransomware has significantly affected companies’ abilities to deliver their product (and in some high profile cases, deliver other people’s products). A backup guards...

Read More
News

FoxGuard Solutions Teams Up with Industrial Defender

Transforming Patch and Vulnerability Management for OT Security Teams. This partnership combines Industrial Defender’s depth and breadth of asset data collection with FoxGuard’s ability to report, acquire, validate and deploy vendor-approved patch and vulnerability...

Read More
News

FAR, DFARS, and CMMC, oh my …

Source: Barbara Wert, Sr. Regulatory Compliance Specialist Introduction Immediate action towards compliance to handling Federal “Controlled Information” (CI) is required for Government contractors and subcontractors who wish to be eligible for Department of Defense...

Read More
News

CVE-2020-1472 Vulnerability

Source: Monta Elkins, Hacker-In-Chief The CVE-2020-1472 vulnerability allows an unauthenticated attacker to completely compromise all Active Directory services. This vulnerability has been dubbed “Zerologon” by the security company that discovered it, Secura (link to...

Read More
News

NERC CIP requirements coming into effect

As electric utilities look towards furthering their compliance programs, consideration needs to be made around software integrity and authenticity. Of the new NERC CIP requirements coming into effect in October 2020, two of them deal with this concept – CIP-010-3 R1...

Read More
News

NERC CIP NEW REGULATIONS ACTIVE JULY 1, 2020 – ARE YOU READY?

CHRISTIANSBURG, Va. Tuesday, April 2, 2019 - FoxGuard Solutions, Inc, as an active member of the NERC CIPC Supply Chain Working Group, was part of the discussions involving NERC CIP-010 and CIP-013 regulations that become enforceable this year. On July 1, 2020, a new...

Read More
News

The Other Side of Responsible Disclosure

Source: Michele Wright, Product Manager I have been part of several conversations recently and the topic of “responsible disclosure” seems to be coming up more and more. There are strong opinions around who needs what information at what time. There are many...

Read More
News

How to Mitigate Microsoft Vulnerabilities

(CVE 2020-0601), (CVE 2020-0609/2020-0610), (CVE 2020-0611) Source: Trace Bellassai Several serious security vulnerabilities have recently been made public which affect Microsoft operating systems. Three vulnerabilities that are of significant...

Read More
Event

AUSA Global Force Symposium & Exposition

The 2020 AUSA Global Force Symposium & Exposition is a three-day event that will include presentations from the Office of the Assistant Secretary of the Army (Acquisition, Logistics and Technology), the United States Army Materiel Command, and the United States...

Details
Event

Protect Our Power

Come see our very own Monta Elkins speak 8:45 – 9:30 on Vulnerability Disclosure. Protect Our Power’s 2nd Best Practices – Utility Cybersecurity conference will provide critical updated information for anyone who can benefit from learning from or contributing to best practices for the utility cyber sector. Taking place immediately before the opening of DistribuTECH, this conference is a must-see.

Details
Event

I/ITSEC

We are excited to be attending I/ITSEC again this year. Please come visit booth #2123 if you are in the area. The Interservice/Industry Training, Simulation and Education Conference (I/ITSEC) is the world’s largest modeling, simulation and training event, held near the beginning of December in Orlando, Florida, USA.

Details
Event

S4x2020 ICS Security Conference

We are excited to be a part of the S4x20 ICS Security conference again this year. Please come out and see us if you are in the area. Set free a conservative, slow-moving, change-resistant community to discover new ideas and come up with innovative ways to use these new ideas to deploy secure, resilient and better ICS.

Details
News

Software Integrity and Authenticity

Source: Michele Wright, Product Manager As electric utilities look towards furthering their compliance programs for 2020, consideration needs to be made around software integrity and authenticity. Of the new NERC CIP requirements coming into effect next year (July 1,...

Read More
News

FoxGuard Solutions Joins The Framatome Family

FOR IMMEDIATE RELEASE Framatome announces the acquisition of FoxGuard Solutions, a U.S. company dedicated to the field of integrated cybersecurity, industrial computing, and regulatory compliance solutions. “We are very pleased to welcome FoxGuard Solutions to...

Read More
Event

FoxGuard Joins Framatome!

FoxGuard Solutions announced on 10/1/2019 that it has joined the Framatome Inc. family, as a wholly owned subsidiary. Framatome is an international leader in nuclear energy recognized for its innovative solutions and value-added technologies for the global nuclear...

Details
News

Energy Sector Asset Management

A PRACTICAL GUIDE – ENERGY SECTOR ASSET MANAGEMENT Over the past several months, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has been working on a cybersecurity project involving asset...

Read More
News

e-Waste: Is Your Product Compliant?

E-WASTE: IS YOUR PRODUCT COMPLIANT? Reclamation of metals and alloys in EEE, such as silver, gold, and copper, is one important benefit of regulating e-waste; however, protection for human health and the environment from the release of harmful chemicals contained in...

Read More
News

COMPLIANCE UPDATES

Source: Barbara Wert, Sr. Regulatory Compliance Specialist RoHS – RECAST v. AMENDMENT Contrary to what many believe, the updated requirement under 2015/863 for compliance to ten substances rather than six does not constitute the “next generation” of RoHS. As of...

Read More
Event

DefCon

Nation State Supply Chain Attacks for Dummies -or- Chipping Cisco Firewalls August 9, 2019 4:00 PM Back in October 2018, Bloomberg recounted a Chinese supply-chain attack on Supermicro motherboards used in servers for Amazon, Apple and more. Here is how Monta...

Details
Event

CyberSenate

“Protecting and Securing Digital Transformation” 6th Annual INDUSTRIAL CONTROL CYBERSECURITY USA CONFERENCE

Details
Event

Navy Palt

Purpose: Provide updated information and status of ongoing acquisitions, which have been formally announced via FedBizOpps, Navy Electronic Commerce Online, TSIS or the NAWCTSD Business Opportunities webpage. There is no agenda; this is industry’s opportunity to ask...

Details
News

Debunking the Mystery of the Update Rollups

Source: JC Boysha, IT System Administrator If you’ve been in the game awhile you know that Windows Updates used to be pretty straight-forward. They consisted of a list of patches, each with their own associated KB (or Knowledge Base) article indicating what they were...

Read More
News

NIST SP 800-37 Revision 2 PUBLISHED

Barb Wert, Regulatory Compliance Specialist Today the National Institute of Standards and Technology (NIST) published Revision 2 of SP 800-37 – Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and...

Read More