In our continuing series on penetration testing, we have discussed different approaches to pen testing the benefits of conducting such tests. Here, we will continue by addressing penetration testing as a practice inside one of the most important security frameworks for federal agencies and contractors: NIST 800-53.

While the core documentation of NIST 900-53 contains hundreds of security controls, one dedicated section speaks to the value and best practices of penetration testing. Here, we’ll discuss how penetration testing plays a role in NIST 800-compliance and how you can incorporate it into your compliance strategy. 

Read More

Working with federal agencies can be a big boon for enterprise and SMB service providers. Not only are they working in a lucrative and challenging space, but they can also provide critical infrastructural support to the operation and defense of our country. The regulations, however, can prove a nightmare. For example, should you adhere to FISMA vs. FedRAMP? What is NIST? Who can I work with to help me get started? 

Here, we’ll answer one of the more basic and important questions: What is the difference between FedRAMP and FISMA authorization? Depending on the type of services you offer, you could be working through a set of similar, yet slightly modified, regulatory obligations. 

Read More

NIST 800-53 is the cornerstone of many government cybersecurity policies in the United States, including how security shapes partnerships between federal agencies and IT and cloud providers. Understandably, it has gone through several revisions since its initial publication in 2005 to meet evolving security threats. 

Here, we’ll discuss the latest revision of NIST 800-53, Revision 5. This revision will go into full effect for all providers on September 23, 2021, with the withdrawal of Revision 4. 

Read More