CMMC, NIST 800-172, and Advanced Persistent Threats

persistent threat computer button

As organizations move up the CMMC maturity model, they do so for one reason: to prepare themselves better to protect against Advanced Persistent Threats (APTs). These threats are a significant problem in the defense supply chain, and as such, CMMC leans heavily on NIST 800-171 and 800-172 to address them. 

This article introduces how these documents, particularly Special Publication 800-172, address APTs.

 

Read More

What Is the Open Security Controls Assessment Language (OSCAL)?

Image of XML - OSCAL featured

There’s recently been a push within FedRAMP towards modernizing the framework to meet modern security challenges and better align federal security standards across agencies and technologies. 

Part of this push is standardizing how security controls are measured and assessed, and the most recent blog from FedRAMP mentions a new standard–OSCAL. 

Here, we will discuss OSCAL, why the National Institute of Standards and Technology (NIST) is creating it to address assessments, and how we streamline them. 

 

Read More