Information Technology Navigator

It’s been almost a year since we wrote about the risks of delaying CMMC (Cybersecurity Maturity Model Certification) compliance. The only thing that has remained constant since then is that CMMC is not going away. There have been many noteworthy recent developments in the DoD supply chain news space related to updates for DIB contractors to comply with the DFARS 7012 requirements to safeguard CUI (controlled unclassified information) data. The CMMC 2.0 final rulemaking timeline continues to shift from over the horizon to right around the corner, and the recently released NIST 800-171 revision 3 draft amplifies concerns about upcoming changes to the framework requiring additional protections for prime and subprime organizations supplying the DoD.

Read More

A CISO Primer on Navigating Cyber Insurance

After 10+ years of working with clients to negotiate and place cyber insurance, I’ve noticed that one of the most frequent challenges has always been getting the underwriters and my client’s information security stakeholder (like a CISO or CIO) to understand each other. It’s no surprise that insurance is *gasp* slow to evolve – but in their defense, underwriters have come a long way over the last three years. It’s also no secret that being a CISO is one of the most important leadership roles within a company these days. So why are there massive communications disconnects? Why are CISO’s often ill equipped (through no fault of their own) to navigate the cyber insurance ecosystem? How are brokers and their underwriting partners not ensuring that their clients understand the coverages within cyber policies and how the insurance contracts work? How can we bring all the stakeholders in the process together to make our clients more resilient and create a sustainable cyber insurance marketplace? This blog aspires to demystify cyber insurance for all the information security stakeholders in the room so that they are best equipped to dovetail their strategy with what the insurance marketplace is looking for.

Read More

Microsoft’s Azure Virtual Machine (Classic) is approaching its full retirement date of September 1, 2023. "Classic" in IaaS VMs refers to VMs managed by Azure Service Manager (ASM). While ASM has full IaaS capabilities and many enhancements over the years, the management of IaaS VMs through Azure Service Manager was deprecated by Microsoft in February 2020. ASM is the old control plane of Azure, responsible for creating, managing, and deleting VMs as well as performing other control plane operations. It’s estimated that 10% of IaaS VMs are still using Azure ASM. Those organizations need to start planning their migration today, given that full retirement is less than three months away.

Impact of this Retirement Notice

Read More

An Introduction to Cybersecurity for the Defense Industrial Base:

In today's digital age, cybersecurity is of paramount importance, particularly for organizations within the Defense Industrial Base (DIB). In January 2020, the United States Department of Defense (DoD) introduced the Cybersecurity Maturity Model Certification (CMMC) framework, building upon established cybersecurity standards from National Institute of Standards and Technology (NIST) Special Publication 800-53 and NIST Special Publication 800-171. These publications are closely aligned with the CMMC 2.0 requirements, providing essential guidelines for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations. In addition, DFARS 252.204-7020 clause requires contractors to undergo an assessment of their implementation of NIST SP 800-171 controls by an accredited third-party assessment organization to evaluate a DIB contractor's compliance with the security requirements outlined in NIST SP 800-171 and provide assurance that adequate safeguards are in place to protect CUI.

Read More

In March of 2023, Pure Storage announced an exciting addition to their product fleet with the FlashBlade//E, their newest all-flash unified file and object platform with revolutionary density and TCO.

FlashBlade Background and Evolution

For the uninitiated, Pure’s FlashBlade platform, first released in 2016, was built on a custom blade architecture to address file and object storage requirements of the most demanding modern applications and unstructured data workloads in the world. Things like AI and machine learning, log analytics, genomics and imaging, even extraordinarily fast restore and ransomware recovery for backup applications.

Read More

The popularity and wide adoption of Microsoft Azure public cloud has transformed the way millions of businesses operate. It provides a wide range of services where customers can choose to develop and scale applications in a “pay for what you use” model. Getting the most out of Azure in a cost-effective way requires technical acumen, attention to detail and strong organizational skills.

Read More

 

Adoption of Microsoft’s 365 Government Community Cloud (GCC) High sovereign cloud solution is on the rise as organizations in the Defense Industrial Base (DIB) work to ensure compliance with the stringent regulations related to the Cyber Security Maturity Model (CMMC) v2.0 and current NIST 800-171 framework. GCC High is an excellent option for DIB contractors who handle Controlled Unclassified Information (CUI) and International Traffic in Arms Regulation (ITAR) data in their cloud or hybrid environments.

Microsoft continuously improves and enhances features and capabilities to the GCC High platform. Just like updates to Microsoft 365, it can be hard to keep up with them all. Daymark’s Government Community Services Team has carefully selected updates we believe are worth paying attention to with our own GCC High Roadmap.

Read More

Azure Sentinel is a cloud native Security Information Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) solution from Microsoft. It was the topic of discussion at one of our recent Daymark Cloud Clinics where our technical cloud consultants offer complimentary technical training and tips on a wide range of Azure and Office 365 features.

Read More

Impossible travel. Is it sending a human to Saturn or Venus? Well maybe, but in the context of Microsoft Office 365, Impossible Travel is a security feature that is a great indicator of potential hacking attempts. The concept is straightforward. If you login to Office 365 from your office in Boston and then 20 minutes later you try to login from Dallas, or you login from home in Chicago and five hours later from Beijing, Office 365 basically says “wait a minute, that’s impossible” and it denies login from Dallas and immediately sends an IT security alert. Get tips to optimize Impossible Travel here.

Read More

Preparing for a Cybersecurity Maturity Model Certification (CMMC) 2.0 assessment can be completely overwhelming. Here’s the good news: If you’re NIST 800-171 compliant, you’re more than halfway there. If you’re not, you’ve got some work to do for sure, but it’s not as complicated or daunting as you may fear.

NIST 800-171

Read More