As creators of the well-known ATT&CK framework, the MITRE name is synonymous with cybersecurity. On April 19, 2024, MITRE issued a news release stating that in January 2024, their Network Experimentation and Research Environment (NERVE) had been breached by a
Introduction As information is increasingly accessible online, the number of cybersecurity attacks, threats, and breaches continue to grow. From hackers pretending to be someone else for financial gain to major companies falling victim to ransomware, being able to achieve cyber
Continuous Authorization, or cATO, can mean different things depending on context. In the federal public sector, I’ve encountered numerous strategies and interpretations. Human-Driven Assessments: The Traditional ApproachTraditionally, authorization assessments have been human-driven. We’ve explored continuous approaches, which typically involves increasing
The Federal Risk and Authorization Management Program (FedRAMP) program management office (PMO) recently published a request for quote (RFQ) for a governance risk and compliance (GRC) solution that intends to implement OSCAL (Open Security Controls Assessment Language) and facilitate compliance
I am excited to announce significant updates to the OSCAL Rest OpenAPI Specification and am looking forward to public feedback so we can improve it as a community! This is an open-source specification that freely enables the exchange of OSCAL
NIST’s held their 3rd Open Security Controls Assessment Language (OSCAL) Workshop earlier this month, and it was abundantly clear from the content and participation that the OSCAL standard and community has gained momentum and has a real opportunity to revolutionize
The Cybersecurity and Infrastructure Security Agency (CISA) recently announced that single-factor authentication – username and password – is now officially added to their catalog of bad practices – putting it to the list of things that actually help cyberattacks. To
Historically passwords have been the go-to method to secure information systems. However, as time has passed, they’ve become harder to memorize, create a lot of pain for IT to maintain, and are a significant source of daily frustration for billions
Zero Trust is becoming quite the buzzword these days, with organizations and government agencies releasing more guidance and strategies for their Zero Trust initiatives every day[1][2][3]. With so much new information being published all the time, understanding the core of
The security of the federal systems we support is our top priority at Easy Dynamics. So we were thrilled to see the recent Executive Order (EO) on Improving the Nation’s Cybersecurity capture some of the key security themes that we
