June 22, 2020
June 22, 2020
STIG vs. CIS part 1: The Anatomy of Baselines and Compliance
This blog is part 1 of our multi-post blog series on STIG vs. CIS. In this series, we will give...
Read MoreApril 23, 2020
Compliance or Engineering: Cybersecurity’s Chicken & the Egg
Compliance-First or Engineering-First Approach? What came first, the chicken or the egg? This common idiom befuddles many issues amongst philosophical...
Read MoreApril 21, 2020
Security Baseline and Compliance Automation Webinar
How to Overcome Compliance Barriers with Security Automation Overview: We’ll be honest with you, compliance is hard. Between shifting compliance...
Read MoreApril 14, 2020
Keys to A Successful Onsite Vendor Assessment for your TPRM program
February 28, 2020
How the CMMC Shows a Greater Focus on Third-Party Risk Management
CMMC & Third-Party Risk Management Comply or Say Goodbye If you’re not familiar with the Cybersecurity Maturity Model Certification (CMMC), you’re not alone—but for those...
Read MoreFebruary 24, 2020
A Day in the life at MPG: Governance, Risk, and Compliance Manager
What it’s like to Work as a Governance, Risk, and Compliance Manager This month we’re interviewing Anita Walker, a Governance, Risk, and Compliance (GRC) Manager at MindPoint Group (MPG) and...
Read MoreFebruary 14, 2020
3 Ways to Prepare for CMMC
3 Ways to Prepare for CMMC The Cybersecurity Maturity Model Certification (CMMC) is a recent mandate from the Department of Defense (DoD) for all vendors to...
Read MoreJanuary 27, 2020
Top 4 reasons why you need FedRAMP Certification
November 21, 2019
Getting started with DFARS and FISMA compliance
There’s an easier way to accelerate compliance If you’re reading this blog, you’re probably already aware of how difficult it...
Read MoreNovember 5, 2019
It’s past time we modernized security hardening procedures
Security baseline automation of STIG and CIS controls with Ansible is improving resource management and compliance With an ever-growing workload...
Read MoreMay 15, 2019
Even with automation, security baselines like STIG or CIS remain a challenge to manage. But there is hope.
Ever ask a sysadmin what they find most tedious about their job? If they’re being honest, keeping up with security...
Read MoreJune 10, 2018
Inherent Risk Tiering for Third-Party Vendor Assessments
December 15, 2016
A+: AMI’s, Automation & AWS
A few weeks ago, I attended AWS re:Invent 2016 with nine of my colleagues. If you have never been, re:Invent is...
Read MoreNovember 27, 2016
The AWS Shared Security Model – Part II: A Step Towards FedRAMP Compliance
If you have a cloud service offering that you are trying to market to the Federal Government, chances are you’ve...
Read MoreNovember 24, 2016