In our continuing series on penetration testing, we have discussed different approaches to pen testing the benefits of conducting such tests. Here, we will continue by addressing penetration testing as a practice inside one of the most important security frameworks for federal agencies and contractors: NIST 800-53.

While the core documentation of NIST 900-53 contains hundreds of security controls, one dedicated section speaks to the value and best practices of penetration testing. Here, we’ll discuss how penetration testing plays a role in NIST 800-compliance and how you can incorporate it into your compliance strategy. 

Read More

Penetration testing is an increasingly common security practice for many businesses using sophisticated IT or cloud systems. Under CMMC, penetration testing is even more important because achieving higher levels of responsibility and capabilities calls for some form of penetration testing. 

Here we’re discussing how penetration testing plays into CMMC regulations and when you can begin to expect it as a requirement. 

Read More

Cloud and IT services in federal and defense markets are a booming business. The national infrastructure is turning to stable and flexible IT infrastructure to help mobilize the supply chain in a way that can meet modern security and domestic challenges. Accordingly, many businesses are turning to new certification frameworks like CMMC to support contracting in these areas. 

Here we’re talking about what it means to prepare for CMMC certification. Contrary to popular belief, there are steps you can take to prepare before you even meet with a professional auditor to help that partner better serve you and streamline your compliance process. 

Read More