Blog

Navy Gets Tough on DFARS Cybersecurity Compliance with Updated Acquisition Regulations

Last year we told you about a 2018 Navy memo, known as the Geurts Memo, which required defense contractors to implement certain controls for NIST SP 800-171, some of them going beyond 171 requirements. If you didn’t see our write-up, it can be found here: “Still Lagging on DFARS? The Navy Has A Memo For… Read more »

The Higher Ed Model for Cybersecurity Compliance

There are fundamental challenges to fully implementing the NIST 800-171 cybersecurity framework. However, a new study shows that higher education institutions overcome these challenges and place among the top tier of organizations for compliance. Organizations that handle sensitive government information and data face a foreign intelligence threat that is unprecedented in history. Despite this, most… Read more »

CMMC Listening Tour Event in Huntsville, Ala. to Feature Sera-Brynn Expert Heather Engel

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) has announced a new stop on its Cyber Security Maturity Model (CMMC) listening tour: the Cloud Security and Compliance conference. Hosted by Summit 7 Systems, the one-day conference will be held in Huntsville on August 27, 2019. Registration is available here. Presenting… Read more »

Cybersecurity Audit and Advisory Leader Sera-Brynn Launches Cornerstone Continuous Monitoring Solution: SIEM as a Service

SUFFOLK, VIRGINIA (July 30, 2019) Sera-Brynn, a global leader in cybersecurity compliance and risk management, announces the launch of its Security Information Event Management as a Service (SIEMaaS). SIEM as a Service is an advanced monitoring service to detect cybersecurity attacks and network breaches so that immediate action can be taken. Sera-Brynn’s forensics experts and… Read more »

The Guardians of Society – MSPs

You read that right. And I’m especially referring to Managed Service Providers (MSPs) that support the Information Technology needs of small and medium-sized businesses. Here’s why: Small businesses represent half of the country’s GDP. They represent just over 99% of all employer firms, and 64% of all net-new private sector jobs. They handle sensitive data… Read more »

Interview with Heather Engel

Aviva Zacks of Safety Detective interviewed Heather Engel, Sera-Brynn’s chief strategy officer, to find out how her company helps others minimize cybersecurity risks. Check out the full interview here: Interview with Heather Engel – Sera-Brynn

What You Need to Know About 800-171 Revisions

The long-awaited NIST 800-171 Revision 2 and 800-171B drafts were released for comment today. There have been no major changes to the controls in Revision 2. This is good news for many in the DIB who have been diligently working to implement and maintain the security requirements. Of more interest is 171B enhanced security… Read more »

Join Sera-Brynn on June 21 in DC @ the CUI Industry Day

Sera-Brynn is excited to be part of the National Archives and Records Administration (NARA)’s 2nd Industry Day on the Controlled Unclassified Information (CUI) program. The one-day event (free and open to the public) is a good spot to connect face-to-face with some of the Sera-Brynn team, and check out the services that have been developed… Read more »

Pentagon to Unveil New Cybersecurity Maturity Model Certification (CMMC) for Defense Contractors

The Department of Defense announced that it is developing a new cybersecurity standard and certification for defense contractors. It is named the “Cybersecurity Maturity Model Certification” (CMMC). Notably, the intent of the CMMC is to improve cybersecurity deficiencies in the defense industrial base and secure the supply chain. The CMMC is expected to be based… Read more »

Pop Quiz: When is Pen Testing a Compliance Requirement?

We live in a world where organizations are required to pen test their IT systems and networks. Sometimes. Do you know when penetration testing is required? Or when it’s industry standard? Or when it’s just a good idea? Penetration testing, sometimes called ethical hacking, simulates real-world ways hackers can compromise network and IT assets. The… Read more »