As part of an ongoing series on using privileged account management solutions to meet DFARS requirements, CyberSheath’s security consultants have explored technical controls in great detail, providing readers with real-world applications that make a meaningful impact. This week CyberSheath continues to explore the NIST 800-171 control “separate the duties of individuals to reduce the risk of malevolent activity without collusion”.
Hacking into a locked Windows or Mac computer should not be this simple, and yet it is. A recently exposed security design flaw shows that a PC or Mac that is logged in but locked can have its login credentials stolen. The hack takes an average of 13 seconds, and the stolen credentials can then be used to compromise every other account that shares them. Here’s how it works and what it means for your enterprise.
CyberSheath’s security consultants and implementation engineers have previously written about utilizing privileged account management solutions to meet DFARS requirements, and this week James Creamer continues to explore DFARS control requirements in detail.
Last week CyberSheath began a new series, “In-Depth Look at PAM Controls for DFARS Requirements”, dedicated to providing a detailed analysis on how privileged account management solutions play an important role for organizations in meeting DFARS requirements.
Recently, a congressional investigation conducted by the U.S. House of Representatives’ Committee on Oversight and Government Reform reported that the two major data breaches suffered by the U.S. Office of Personnel Management (OPM) in 2014 and 2015 were indeed preventable and, in fact, were made worse by lax security regulations and ineffective management. The OPM manages aspects of federal employment, such as background checks, for most government agencies. These massive attacks resulted in the compromise of sensitive data belonging to more than 22 million people.
On July 21, 2016 the North American Electric Regulatory Commission (NERC) was given a directive to develop new risk management standards aimed at addressing risks to the information systems in the supply chain of electric system assets. The new standards will cover risks related to remote vendor access, software integrity and authenticity, vendor risk management, procurement controls, and more.
If you have been following the CyberSheath blogs, you might have noticed an increased focus on the updated DFARS regulations. These regulations impose a new federal requirement that government contractors who process, transmit or store controlled unclassified information (CUI) comply with the NIST 800-171 controls. The December 2017 compliance deadline is fast approaching, and contractors must meet the requirements of the regulation or face possible penalties. The federal government has continued to prioritize its cybersecurity initiatives and isn’t slowing down.
In previous blogs, CyberSheath security analysts have identified new cyber security requirements from the recent changes to DFARS and have provided solution overviews for meeting those requirements and regulations. The series “In-Depth Look at PAM Controls for DFARS Requirements” will expand on previously mentioned regulations and provide a more granular look at how privileged account management solutions can play an important role in meeting DFARS requirements.
Potential security flaws in the current global cellular network have been suspected for several years, but the concerns have mostly been dismissed as theoretical. In February 2014, suspicions grew significantly when a phone call by a US Ambassador was mysteriously leaked onto YouTube, believed to have been intercepted by someone in Russia using the suspected flaws. Since then, security research teams have confirmed that the flaws are very real and have made their findings public, but those findings have received relatively little attention, such as the study released in February by AdaptiveMobile.