RSI Security

Rethinking Your Cybersecurity

Category: Compliance Standards

Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.

  • Overview of the FISMA Certification and Accreditation Process

    Overview of the FISMA Certification and Accreditation Process

    Source: Kaspersky Lab Daily

    When your grandparents used to lament about security or warn you to lock your doors at night that was as far as the concept of “security” went. No one thought an intruder could penetrate a location without physically breaking down doors. Yet today, bank robbers can steal millions of dollars from the comfort of a desk chair. On a household level, this unauthorized accessibility sounds concerning, but when considered by government agencies, the threat is terrifying. While average households possess a small amount of valuable information, governments store millions of records, usually of a sensitive nature. Realizing the potential implications of remote threats, the U.S. Government developed a set of cyber security guidelines called the Federal Information Security Management Act (FISMA). Are you looking to achieve FISMA compliance? Continue reading for an overview of the FISMA certification and accreditation process.

    (more…)

  • The Three Levels Of Compliance For FISMA

    The Three Levels Of Compliance For FISMA

    The Federal Information Security Act (FISMA) was introduced in 2002 to ensure that all government vendors, contractors, and partners handle confidential and sensitive information appropriately, intending to provide protection against various security threats. Depending on the nature of your business, you’re going to need to reach specific levels of compliance to avoid FISMA fines, penalties, and consequences.

    (more…)

  • Penalties for Non-Compliance with FISMA (and how to avoid them)

    Penalties for Non-Compliance with FISMA (and how to avoid them)

    No organization takes cyber security and digital privacy as seriously as the U.S. Department of Defense. It’s why the Federal Information Security Management Act (FISMA) was implemented by the DoD, setting data security standards government partners and contractors. Vendors that fail to comply with FISMA could be in for stiff fines and penalties.

    (more…)

  • Benefits of Being FISMA Compliant

    Benefits of Being FISMA Compliant

    Maintaining compliance with the Federal Information Security Management Act (FISMA) is essential for government agencies or private contractors that deal with those agencies. Since its formal adoption in 2003, FISMA has helped safeguard critical systems and information. Although FISMA compliance is mandatory for some, it carries with it a number of tangible benefits. In this article, we’ll break down what FISMA is, what the requirements of FISMA are, FISMA standards, and what benefits compliance with FISMA brings for covered entities. This information can help inform organizational decisions regarding whether obtaining, or maintaining, FISMA compliance can be beneficial to your organization and its cybersecurity solutions.

    (more…)

  • What Is A FISMA Audit?

    What Is A FISMA Audit?

    In 2002, the internet was ten years old but still in many ways was in its nascent stages. However, its growth had spurred the dissemination and sharing of information at a torrid rate. At the turn of the century, the term “cybersecurity” had yet to become part of the mainstream lexicon. Despite the lack of sophistication in the early days of the internet, the government realized the potential risk that digital information could pose in the wrong hands.

    (more…)

  • Benefits of Being NERC CIP Compliant

    Benefits of Being NERC CIP Compliant

    NERC is the North American Electric Reliability Corporation. Their job is to monitor and maintain the standards for the North American “Bulk power transmission.” Essentially, NERC watches over all large electrical power stations and the dispersion of large amounts of electrical power throughout the United States, Canada and Mexico.

    (more…)

  • NERC CIP Standards: What You Need To Know

    NERC CIP Standards: What You Need To Know

    Although usually taken for granted, Critical Infrastructure connects east to west, north to south, and ensures businesses and homes can operate on a daily basis. With the news reports of hurricanes, mudslides, and fires, it’s easy to think that natural disasters are the main threat against such infrastructure. However, cyber attacks increasingly threaten the functionality of Critical Infrastructure. Even in the cybersecurity world, the top priority tends to lean toward information security. To draw more attention to the vulnerabilities of Critical Infrastructure and to improve industry cyber security standards, the North American Electric Reliability Corporation (NERC) formulated a Critical Infrastructure Protection (CIP) plan. The NERC-CIP standards work to improve the security and infrastructure protection of North America’s power bulk system by protecting physical and cyber assets.

    (more…)

  • What Is Threat and Vulnerability Management For NERC CIP?

    What Is Threat and Vulnerability Management For NERC CIP?

    Security threats against utilities have been a constant focus for bulk power systems (BPS) for decades.  After a massive outage in August 14, 2003, 50 million people in the Northeastern United States (U.S.) and parts of Canada were left without power for most of the evening. The problem that federal authorities dealt with in the aftermath of the blackout was how to handle those responsible for the blackout.  Since there was an absence of federal regulations related to a blackout of this magnitude and no federally mandated processes that BPS operators needed to follow, it was impossible to fine those responsible.

    (more…)

  • What Is The Patch Management Process For NERC CIP?

    What Is The Patch Management Process For NERC CIP?

    The electric utility industry is built on a foundation that requires an ultimate level of security to operate effectively.  As hackers multiply and their level of sophistication increases rapidly, the electric utility industry must also evolve its cybersecurity defense capabilities.  A recent survey of 140 North American electric utilities found that 88% of respondents expect cyberattacks to increase within the next 2 to 3 years.  That figure is meteoric and most likely slightly distressing for those bulk power system (BPS) operators that haven’t gotten up to speed on patching their software vulnerabilities quite yet.

    (more…)

  • How to Achieve NERC CIP Compliance

    How to Achieve NERC CIP Compliance

    Access to a stable power source is a central component of our daily lives in the modern United States. Power generation, transmission, and delivery has been designated critical infrastructure in the United States, and as such is subject to heightened regulatory scrutiny and security requirements.

    One of the most important regulatory bodies ensuring the security of our critical power infrastructure is the North American Electric Reliability Corporation (NERC). NERC is a not-for-profit corporation that has been granted regulatory authority over the bulk power delivery system in the United States. Maintaining compliance with NERC regulatory standards is an ongoing requirement for entities that fall within the scope of the bulk power system. In this article, we’ll break down what NERC is, what NERC does, and outline how entities within the bulk power system can achieve Nerc compliance through a Nerc compliance program.

    (more…)