Analysis

Live Webinar NIST 800-171 Compliance Higher Education / Research Institutions

Thursday, May 10, 2018, 2 – 3pm EST

Heather Engel, Sera-Brynn’s Chief Strategy Officer, will discuss the challenges colleges and universities face as they attempt to secure their cyber infrastructure to comply with new federal regulations as a condition of receiving research grants. Sera-Brynn is a top 10 global cybersecurity compliance firm. “Most…

DoD releases a much-anticipated update to the FAR/DFARS FAQs.

What you need to know now

By Heather Engel, Sera-Brynn Chief Strategy Officer

DoD’s original FAQ was issued in January 2017, with answers to 59 questions on general application, security requirements, and cloud computing. The FAQ issued on April 2, 2018 nearly doubles that with answers to 109 questions on DFARS 252.204-7008 and 252.204-7012, FAR…

Cloud Service Provider Requirements for FedRAMP Compliance

By Lindsey Benes, Sera-Brynn Security Analyst

In the realm of securing sensitive data, acronyms abound and FedRAMP is one heard quite often. The Federal Risk and Authorization Management Program, or FedRAMP, was developed to standardize the approach to security assessment, authorization and continuous monitoring for cloud products and services. FedRAMP was developed in collaboration with…

ICYMI: Webinar – Cybersecurity Compliance for Higher Education: 2018 and Beyond, presented by Williams Mullen & Sera-Brynn (03.06.2018)

In case you missed it, watch our latest webinar for higher education here. The complexity of operations, research and compliance mandates in higher education presents unique challenges in securing information systems. Cybersecurity compliance affects everything from the handling of student data to the use of cloud services and supply chain management. You will learn: …

Defense Federal Acquisition Regulation Supplement Presentation

Strategic Planning for Cyber Risk: Protecting Data and Meeting Regulatory Requirements with NIST SP 800-171

Mar 27, 2018 – Everyone welcome! If your organization accepts Federal or Department of Defense dollars, understanding Federal Acquisition Requirements (FAR) and NIST SP 800-171 is a critical compliance issue that affects everything from risk management to supply chain security….

Raising the bar on cybersecurity

By Heather Engel, Sera-Brynn Chief Strategy Officer

Deputy Defense Secretary Patrick Shanahan said recently that the Defense Department needs to have a much higher standard of security, including for the Defense Industrial Base, and warned that a high bar for cybersecurity will be a condition of doing business. For the last several years, defense contractors…

New York Rule 500 dictates NY financial institutions must certify cybersecurity programs by February 15, 2018

New York State is the first in the U.S. to impose a comprehensive cybersecurity regulation on financial institutions, and the regulation, “Cybersecurity Requirements for Financial Services Companies,” (also known as NY Rule 500 or 23 NYCRR Part 500) has a key deadline on the horizon. February 15, 2018 is the date by which the entities…

DFARS 7012 and Supply Chain Cyber Risk Management

Day in and day out, U.S. companies are under cyber-attack by criminals, hacktivists, bored kids and nation-states. Nation-state sponsored actors, including China and Russia, are known as Advanced Persistent Threat (APT) actors, and have been extremely successful in compromising the networks of commercial organizations, particularly those companies conducting work for the Department of Defense. In fact, these…

Top 10 Mistakes in Implementing the NIST 800-171 Cybersecurity Requirements

Businesses supporting U.S. Department of Defense work have 10 weeks left to fully comply with the cybersecurity provisions of the Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 and associated clauses. At Sera-Brynn, we’ve been advising clients on the DFARS and NIST requirements since 2014, and we’ve seen mistakes from companies of all sizes…