IT Dojo Announces Security Control Assessment (SCA) Training Workshop

Training Overview Security Controls Assessment Workshop provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today’s IT systems. This course shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and…

NIST 800-171: Confusion and the Protest Docket

By Kathryn Daily, CISSP, RDRP I’m sure by now you’ve at least familiarized yourself with NIST 800- 171, “Protecting Unclassified Information in Nonfederal Information Systems and Organizations.” What wasn’t made clear was how DoD will evaluate a contractor’s System Security Plan (SSP). In May, DoD released draft DoD Guidance for Reviewing System Security Plans and…

RMF Applied to Modern Vehicles

By P. Devon Schall, CISSP, RDRP During a recent RMF literature search, I came across an interesting article titled “RMF Applied to Modern Vehicles”. The article was published by Charlie McCarthy and Kevin Harnett in 2014 and sponsored by the National Highway Traffic Safety Administration (NHTSA). The overall goal of the research was to collect…

IT Dojo Introduces: STIG 101 Training

By Kathryn Daily, CISSP, RDRP NIST 800-53, and specifically Security Control CM-6, requires an organization to a. Establish and document configuration settings for information technology products employed within the information system using [Assignment: organizationdefined security configuration checklists] that reflect the most restrictive mode consistent with operational requirements; b. Implement the configuration settings; c. Identify, document,…

NIST 171—What’s That?

By Kathryn Daily, CISSP, RDRP If you heard a whooshing sound on New Years Eve, that was probably the deadline for compliance with NIST 171 flying by. A lot of you might be asking “What is NIST 171?” NIST 171 is a set of requirements documented in the NIST Special Publication 800-171 (Protecting Controlled Unclassified…

Certification Suckers

In my moderately cynical view, vendor certification exists for one reason: To enable vendors to sell more stuff. Cisco, Microsoft, Amazon and VMWare (and all vendors, really) need people to be certified in the use of their products because it enables their salespeople to be able to come into a prospective customer’s office and say,…