The TSA has renewed, with revisions, Security Directive 1580/82-2022-01A, Rail Cybersecurity Mitigation Actions and Testing. The updated Directive takes effect 10/24/2023, extending the requirements for another year. Revisions to the Security Directive...
Introduction: A System and Information Integrity program is critical for managing risks from system weaknesses, malicious code intrusion, and application errors. System Flaws and Security Alerts. Control 3.14.1: Identify, report, and correct system flaws in a timely...
There’s not much new in the world of CMMC. Joint assessments with C3PAOs and DIBCAC continue, but we all await the final 2.0 rules, which are still expected in the Spring of 2023. In the meantime, don’t stop preparing! Continue working through your POAMs,...
Introduction: Policies and procedures for System and Communications Protection should adhere to applicable Federal laws, Executive Orders, standards and guidance. This area focuses on the exchange of information within a system or a network. Monitor, Control,...
Introduction: As rapidly changing technologies and vulnerabilities materialize daily, organizations must have a security plan of action and milestones documented. This plan of action and milestones or POAM should be proactively followed by an assessment of the controls...
Introduction: A risk assessment is a process of determining how effectively systems meet specific security objectives. A proper risk assessment plan should answer the following fundamental questions: What is the scope of the assessment? Who is authorized to conduct the...