Innovative Minds - On Point - One Group  

Compliance

This is the blog for MindPoint Group's Information Security & Privacy (ISP) division. We hope to use this to contribute to and debate ideas among the ISP community.
21 Nov 2019

Getting started with DFARS and FISMA compliance

There’s an easier way to accelerate compliance

If you’re reading this blog, you’re probably already aware of how difficult it is deploying hardware or software into the Federal Government. Just for table stakes, you may have to ensure your product is compliant with DFARS (Defense Federal Acquisition Regulation Supplement) and FISMA (Federal Information Security Management

15 May 2019

Even with automation, security baselines like STIG or CIS remain a challenge to manage. But there is hope.

Ever ask a sysadmin what they find most tedious about their job? If they’re being honest, keeping up with security patching and compliance causes the most headaches. Surprised? You shouldn’t be. Patching continues to be a labor-intensive job with dire consequences for misconfigurations that could down a system or expose parts of the environment to

10 Jun 2018

Inherent Risk Tiering for Third-Party Vendor Assessments

It can be a challenging and overwhelming task to adequately manage the risk associated with outsourcing technology or business processes, no matter the size or sector of the organization. This is supported by a study sponsored by the Ponemon Institute, which gathered responses from hundreds of respondents across both public and private sectors to present

15 Dec 2016

A+: AMI’s, Automation & AWS

A few weeks ago, I attended AWS re:Invent 2016 with nine of my colleagues. If you have never been, re:Invent is pretty cool, not your typical conference, and the number of attendees keeps growing year after year. To put it into perspective, 8,000 people attended re:Invent three years ago, while this year that number jumped to

27 Nov 2016

The AWS Shared Security Model – Part II: A Step Towards FedRAMP Compliance

If you have a cloud service offering that you are trying to market to the Federal Government, chances are you’ve heard about the FedRAMP program by now. You may also be aware that the path to FedRAMP compliance is a time-consuming and resource-intensive process. This process can be simplified by making some key
