Blog

Visit Sera-Brynn’s Booth at NARA’s CUI Industry Day!

Sera-Brynn offers professional services and tools to help identify and map the flow of Controlled Unclassified Information (CUI) throughout a government contractor’s information systems. The presence of CUI is of significant consequence to government contractors and their cybersecurity programs. On December 10, 2018, the National Archives and Records Administration (NARA) is hosting an event on… Read more »

GSA’s proposed new rule to govern data breaches, government access, proprietary information, and contractor responsibilities

In November 2018, U.S. General Services Administration (GSA) published its intent to enact a new rule on the reporting of data breaches. GSA is the U.S. government’s lead contracting agency. GSA also manages many government-wide IT security programs, like FedRAMP and cloud.gov. The proposed rule will ensure that GSA, plus the agency customer, will have… Read more »

Using Red Team Assessments to Test Security Maturity

Red teaming is an under-appreciated term in modern businesses.  Red teaming is an opportunity for leadership to understand how an entire system works together to protect information critical to a company’s existence, their “crown jewels.” Red teaming in the age of the Internet has had companies focusing exclusively on CYBER Red Teams.  However, such an… Read more »

Still Lagging on DFARS? The Navy Has A Memo For You

by Heather Engel, Sera-Brynn Chief Strategy Officer The Assistant Secretary of the Navy recently released a memo imposing additional requirements on select contracts. For the last three years, Defense contractors have been working (some more diligently than others) to comply with DFARS clause 252.204-7012 that requires implementation of NIST SP 800-171. I’ve written numerous articles… Read more »

But Seriously, What is a 3PAO?

3PAO means “third party assessment organization” under the FedRAMP program. FedRAMP is the U.S. government’s first program for the protection of federal information in the cloud. A 3PAO audits the cloud service provider because, in short, self-assessments are not permitted. Stated another way: a 3PAO is an independent entity that performs initial and period security… Read more »

Privacy Framework: NIST is in the House.

This month, NIST kicked off a series of public meetings to highlight its efforts to create a voluntary Privacy Framework. Much in the same way it developed the Cybersecurity Framework, NIST is trying to achieve a technology-privacy balance within the guidance by crowdsourcing its way there.  By bringing in views from federal agencies, small businesses,… Read more »

FedRAMP: A Heavyweight Security Framework for Cloud Service Providers

You need FedRAMP if you want to prove your cloud services is secure enough for U.S. government data. Read the full September 6, 2018 article published on cybersecurityventures.com here. In its latest Compliance Report for Cybersecurity Ventures, Sera-Brynn shared how FedRAMP came into being, who should care, and why being FedRAMP-authorized is important for companies. “The… Read more »

Good Communications Planning Increases Resilience

By: Loren Dealy MahlerPresident, Dealy Mahler Strategies, LLC The last two years have given us a plethora of news headlines taking companies to task for incidents that exposed or directly compromised customer data. From very large events involving millions of financial records, to smaller events involving personal health information, the hits just keep coming. As… Read more »

Cyber Tips For Students Heading Off To College

College is in full swing and thousands of students have their laptops, smartphones, tablets, gaming consoles and a myriad of other electronic devices. But are they taking the proper precautions against the risks posed by the use of those devices? Whether it’s having someone walk off with an unattended device, being the victim of a… Read more »

The Kaspersky Ban

October 1, 2018 Deadline for Government Contractors to Comply with the FAR Ban on Kaspersky Lab Products Nears On October 1, 2018, U.S. government contractors will need to be compliant with the government-wide ban on the use of Kaspersky Lab products and services in support of their government contracts.  An interim rule requiring the insertion… Read more »