The ongoing rise of state-sponsored Advanced Persistent Threats (APTs) has increased scrutiny of federal and state IT systems security systems. The latest version of CMMC includes a high-maturity level specifically designed to address these threats, which relies primarily on advanced security controls listed in NIST Special Publication 800-172.
As organizations move up the CMMC maturity model, they do so for one reason: to prepare themselves better to protect against Advanced Persistent Threats (APTs). These threats are a significant problem in the defense supply chain, and as such, CMMC leans heavily on NIST 800-171 and 800-172 to address them.
This article introduces how these documents, particularly Special Publication 800-172, address APTs.
There’s recently been a push within FedRAMP towards modernizing the framework to meet modern security challenges and better align federal security standards across agencies and technologies.
Part of this push is standardizing how security controls are measured and assessed, and the most recent blog from FedRAMP mentions a new standard–OSCAL.
Here, we will discuss OSCAL, why the National Institute of Standards and Technology (NIST) is creating it to address assessments, and how we streamline them.