Automapping Cybersecurity Controls to CMMC

May 30, 2024 Continuum GRC 0 Comment

CMMC is a crucial framework developed by the Department of Defense to enhance the cybersecurity posture of contractors within the Defense Industrial Base. The CMMC model is crucial for organizations dealing with Controlled Unclassified Information (CUI) because it ensures that these entities meet specific cybersecurity requirements to protect sensitive information.

More likely than not, however, you are not just handling CMMC requirements. Changes are you are juggling multiple frameworks and regulations, all of which have unique and overlapping expectations. This is where automapping comes in.

Awareness

Compliance Automation in the New FedRAMP Memo Draft

Nov 9, 2023 Continuum GRC 0 Comment

The latest FedRAMP draft memo from the OMB shakes up quite a bit about the program. While nothing is set in stone, much ink is spilled on what it will mean for the program and participating cloud service providers.

In this article, we will discuss what this new memo says about automation–specifically, how the program will start approaching automation to ensure compliance within its ecosystem of providers.

Awareness

What is Automated Penetration Testing?

Aug 12, 2021 Continuum GRC 0 Comment

In a previous article, we discussed penetration testing from the perspective of compliance and cybersecurity. While pen testing is often a core component of most regulations, it’s generally a good practice to consider using outside of just checking compliance boxes. A good way to do that is with a partner that can offer automated penetration testing.

What is automated penetration testing? It’s the use of automation and other cloud tools to perform the basics of a penetration test. Sometimes mistaken for vulnerability scanning, automated penetration tests provide additional insight and continuing coverage that annual pen tests do not.