Insider Threats
The GCC Preparation Guide
Between constant national-security compliance updates, the increase in cybersecurity incidents, and the need for cleared personnel to remotely access network resources such as applications or sensitive data, there had to be a solution available that balances user accessibility with security and compliance. This prompted the creation of Microsoft 365 Government Community Cloud (GCC) just a…
Read MorePhishing Techniques: How to Keep Your Facility Safe by Looking at Past, Current, and Upcoming Phishing Techniques
Phishing is THE main culprit of modern-day data breaches. It shows no favoritism by attacking both ordinary people and businesses alike and will only increase in prominence over the next few years. The Federal Bureau of Investigation (FBI) estimates that as high as 90% of all cyber incidents are sourced at phishing and believes we…
Read MoreTop Seven DCSA Training Requirements for FSOs
Because of the magnitude involved in working with classified information about our national security, the Defense Counterintelligence and Security Agency (DCSA), in conjunction with the National Industrial Security Program Operating Manual (NISPOM), has set numerous submission and sponsorship standards to acquire and maintain a Facility Security Clearance (FCL). Arguably, one of the most tedious is the DCSA…
Read MoreSafer Federal Workplace – Why Screening is Getting More Difficult
Whether you’re talking about individual facility security teams or the Federal Protective Service as a whole, there’s no question that their responsibilities for screening federal buildings are becoming exponentially challenging. The constantly evolving landscape of new threats, risks, and patron expectations puts these teams in formidable positions of trying to reactively create a safer federal…
Read MoreFederal Contractors: How SEAD 3 Helps with New Reporting Guidance
As part of a way to mitigate against evolving insider threats to national security information, the Defense Counterintelligence and Security Agency (DCSA) implemented the Security Executive Agent Directive 3 — commonly referred to as SEAD 3. The directive, which became effective June 12th, 2017, created reporting requirements for defense contractors and employees who have access to classified information.…
Read MoreHow FSOs Can Manage Cybersecurity
While Facility Security Officers (FSOs) aren’t traditionally responsible for managing an organization’s cybersecurity program, their role in protecting national security information and overseeing facility access control systems often puts them in line with the duties of a Chief Information Security Officer (CISO). Managing facility and cybersecurity have become blended today as cyber-attacks become more sophisticated…
Read MoreHow Insider Threats are Evolving in 2022
In the midst of a rising cybersecurity crisis, it’s worth keeping one thing in mind: the best way to infiltrate an organization is from the inside. With experts estimating that two out of every three data breaches are caused by insiders, insider threats remain a major concern for cleared organizations, demanding constant vigilance and alertness from facility security…
Read MoreThe Log4Shell Exploit in Retrospect: 3 Takeaways for FSOs
The holiday seasons have become a perilous time for government agencies and cleared facilities: while everyone else is wrapping gifts, cyber actors are ramping up their malicious activities – and the 2021 holiday season was no exception. At the beginning of December 2021, the Apache Software Foundation disclosed a remote code execution (RCE) vulnerability in the popular…
Read MoreWhat’s New in 2022? Security Predictions for Cleared Facilities
2021 was an eventful year for cleared facilities, bringing new federal security legislation driven by changing trends in technology and the workforce. With rising cybersecurity threats and international conflict on the horizon, 2022 is shaping up to be just as disruptive, and FSOs must be prepared. Today, FSOs stand at the front line of America’s…
Read MoreEverything FSOs Need to Know About CMMC 2.0
In November 2021, the Department of Defense (DoD) introduced a major update to the Cybersecurity Maturity Model Certification (CMMC): CMMC 2.0. According to the original announcement, this update included significant changes from the previous version of CMMC (1.02), including reduced dependence on third-party assessment, and the elimination of security controls unique to CMMC. In December 2021,…
Read More