Information Technology Navigator

Tips, Advice & Insights from Technology Pros

Steve Caprio

Recent Posts

The Key to CMMC Readiness: NIST Compliance

Preparing for a Cybersecurity Maturity Model Certification (CMMC) 2.0 assessment can be completely overwhelming. Here’s the good news: If you’re NIST 800-171 compliant, you’re more than halfway there. If you’re not, you’ve got some work to do for sure, but it’s not as complicated or daunting as you may fear.

NIST 800-171

Tue, Dec 06, 2022

Why Azure Government for the DIB?

Microsoft’s Azure Government has become a trusted cloud for US government agencies, contractors and the Defense Industrial Base (DIB), providing unified security to protect the nation's data, and solutions for secure remote collaboration. Microsoft’s Azure Government uses the same underlying technologies as Azure, which includes the core components of Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). The increased security is achieved because it is a physically isolated sovereign cloud environment dedicated to US federal, state, local, and tribal governments, and their partners. It provides an extra layer of protection to mission-critical workloads through contractual commitments regarding storage of customer data that is subject to various US government regulations such as Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR). Azure Government offers additional security by relying on screened US personnel.

Azure Government and CMMC

Tue, Mar 22, 2022

What’s New in CMMC 2.0

The Cybersecurity Maturity Model Certification (CMMC) Framework is used by the DoD to verify that sensitive data being handled by defense industrial base (DIB) contractors is properly protected on the contractors’ systems to avoid risk of a compromise from a cybersecurity attack. CMMC uses third-party assessment organizations to verify contractors’ safeguarding of controlled unclassified information (CUI) including International Traffic in Arms Regulations (ITAR) data, federal contract information (FCI), and compliance with certain mandatory practices, procedures and capabilities that can adapt to evolving cyber threats.

What’s New in CMMC 2.0

In November 2021, the DoD announced CMMC 2.0. It’s important to understand key changes and timelines associated with CMMC 2.0, how it compares to CMMC 1.0, and what you need to do to prepare. 

Tue, Feb 15, 2022

Optimizing O365 Impossible Travel

Cloud security is a constant concern for organizations of every size. Stopping malicious actors from accessing your company’s systems and data is a top priority, but is made difficult by the number of different exploit techniques coupled with the sophistication of the attacks. One area of particular concern is compromised legitimate user credentials. For example, suppose a password I use frequently (maybe even a strong one) is exposed in a breach of an e-commerce company. The malicious actor located in Moscow who obtains this userID (likely an email of mine) and password then does a quick lookup on LinkedIn and finds that I work at Daymark. From here, the exploit is obvious. They now have a legitimate username and password combination and while we do employ multi-factor, there are constant threats to that.

Tue, Apr 06, 2021

Conditional Access – Deployment Best Practices

Conditional Access in Azure AD provides a level of security required to maintain appropriate controls over who can access confidential and privileged information. It was the topic of discussion at our most recent “Ask the Engineer Q&A Roundtable” where attendees learned tips for a successful Conditional Access deployment and got answers to their specific questions.

Mon, Jun 15, 2020

State-Backed Hackers Targeting All Exchange Servers

On February 11, 2020, Microsoft released a patch for Exchange Servers that would fix a vulnerability pertaining to unauthorized access to the backend of the Exchange Control Panel. There is now confirmation from a source at the United States Department of Defense that multiple nation-state-backed actors and other ransomware gangs are actively and maliciously exploiting this vulnerability on unpatched systems. The vulnerability results from the Exchange Server failing to properly create unique cryptographic keys at the time of installation. The hackers’ sophisticated exploits circumvent encryption, granting them full access to the server.

It is imperative that the latest patches from February 11th be applied as even a single Exchange instance puts you at risk.

Tue, Mar 10, 2020

Pending Initial Public Offering (IPO) Puts Security in the Spotlight

Becoming a publicly traded company has a profound impact on the way a business operates. The technology that is in place, and how it is deployed, can also come under close scrutiny. That was certainly the case for one of Daymark’s life science clients whose pending IPO put a spotlight on network security and data protection. In this blog, Steve Caprio, Daymark Cloud Consultant, answers some questions on the security journey of this enterprise.

Thu, Apr 26, 2018

The Compelling Case for OneDrive

Initially driven by the consumer market, file sync & share solutions have been widely adopted over the last several years. Solutions like Dropbox and Box have been continually enhancing their products to become enterprise grade. Microsoft is no exception with OneDrive. OneDrive has been a part of the Microsoft Office 365 suite for some time now and it’s gone through quite a few changes, most, if not all, of which have been for the better. That’s particularly true of the announcements Microsoft made on May 16, 2017 at their SharePoint Virtual Summit.

Thu, May 25, 2017

Make “Identity Utopia” a Reality in Active Directory

When making a decision to move production workloads to the cloud, one of the first things that is considered is cost. However, there are frequently many hidden costs that are not factored into the cloud decision until they appear in the real world. For instance, what is the cost to end users’ productivity if they don’t have the correct access to the application or system that now resides in the cloud? What new burdens are placed on the IT team if end users, now managing identities in two places, constantly require assistance to access their work? What costs are associated with securely authenticating end users to the workload?

Fri, Mar 24, 2017

The Importance of HITRUST Certification in Azure

Healthcare providers today are continuing to rely more and more on the efficiencies of the public cloud to store, send, and manage sensitive data. But it’s challenging to leverage the benefits of the cloud while managing the increasing complexity of healthcare security, compliance and regulatory demands.

That’s where HITRUST comes in. The HITRUST Certification is the most widely recognized security accreditation in the healthcare industry. HITRUST incorporates healthcare-specific security, privacy and regulatory requirements from existing regulations such as HIPAA/HITECH, PCI, ISO 27001 and MARS-E as well as industry best practices. Microsoft has recently announced that Azure is one of the first hyperscale cloud computing platforms to become HITRUST CSF Certified. It’s a valuable addition to Azure, providing a single framework for healthcare organizations to leverage the efficiencies, availability, and scalability that Azure provides.

Wed, Jan 11, 2017