FedRAMP and CISA: What Is Binding Operational Directive 22-01


Managing cybersecurity threats is a full-time job, and most cybersecurity specialists rely on shared knowledge between experts in the field to combat these threats. The Common Vulnerabilities and Exposures (CVE) database provides a starting point for this kind of knowledge, centralizing an index of known security vulnerabilities in the wild. 

The CVE program recently joined with the Cybersecurity and Infrastructure Security Agency (CISA), which in turn feeds into new directives for federal agencies and cloud service providers (CSPs). One of these directives, Binding Operational Directive 22-01, establishes a new list along with several other requirements for regulated organizations, and it is trickling down into other security requirements, including FedRAMP.

 


Social Engineering and Enterprise Security


Discussions about security and compliance disproportionately focus on businesses and enterprises, precisely because these organizations serve as central repositories for critical industrial or consumer information. Accordingly, regulations and best practices are often tied to securing this infrastructure, with consumers getting little to no attention. 

However, the reality of modern cybersecurity threats is that almost all major security breaches are related in one way or another to social engineering, that is, the manipulation of people to breach data systems. Unfortunately, that doesn’t seem likely to change any time soon.

 


What is IRS 1075?


The federal government has strict and comprehensive regulations on how agencies handle constituents’ personal information. This is just as true for tax information. The IRS leans on established guidelines associated with federal security to dictate regulations for agencies that handle tax information and, by and large, treats that information as a sensitive and critical part of operations. These guidelines are housed in the robust regulatory document called IRS 1075. 
