Vulnerability in the Age of Remote Work

With COVID-19 continuing to run its course across the United States, it is likely that remote work is here to stay.  According to an Upwork workforce report, it is projected that over 36 million Americans will still be working remotely by 2025. This rapid increase in remote work has resulted in additional cyber threats for […]

Cyber Resiliency: Preparing for and Mitigating the Inevitable

While risk management has been in use within information security doctrine for decades, cyber resiliency is a new paradigm that has begun to gain ground. It is no longer enough to solely focus on securing networks, as even the most robust controls may be circumvented by sophisticated adversaries. Organizations must now consider the inevitability that their […]

FCI: Safeguarding Requirements for Federal Contract Information

With the recent attention on DFARS 252.204-701, the Cybersecurity Maturity Model Certification, and NIST SP 800-171, you may already be familiar with safeguarding requirements for Controlled Unclassified Information (CUI). However, are you aware of the requirements for safeguarding Federal Contract Information (FCI)? You may be wondering – What is FCI? How is FCI different from […]

What is the Cybersecurity Maturity Model Certification (CMMC)?

With recent breaches of government data, such as Solargate, cybersecurity and safeguarding sensitive information have become more important than ever. The Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) is the answer to ensuring the Defense Industrial Base (DIB) does not become the weak link when safeguarding sensitive information and government systems. In this article, […]

DFARS 252.204-7012: What it Means for Defense Contractors

Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 has been the buzz of the defense contracting world over the last three months. While it became a final rule in 2016, companies have just now begun to feel pressure to comply with it. You may have received communications from prime contractors or seen announcements from the Government […]

CUI: Your Guide to Controlled Unclassified Information

You may have been brought here because you are seeking to achieve NIST 800-171 or CMMC compliance. Perhaps this is the first time you have heard the terms Controlled Unclassified Information or “CUI”. You may be wondering: What is CUI? Do I have any? If I do, what am I supposed to do with it? […]

CMMC: Choosing a CMMC Consultant

With the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) moving full steam ahead, many small and medium businesses are struggling to become compliant. You may be asking yourself: how do I become compliant? Where should I even begin? Do I have the in-house expertise to become compliant? Do my in-house experts have the […]

Social Engineering: Elicitation and How to Counter It

Most are likely familiar with some forms of social engineering, including phishing scams. But how familiar are you with elicitation and do you know how to detect and defend against it? Read on to learn more about elicitation, who is vulnerable, and behavior to watch out for. What is Elicitation? Elicitation resembles a typical or […]

NIST 800-171 and DFARS Compliance Services

Unauthorized access and disclosure of government information has become all too common in these times of frequent cyber-attacks. As a result, the government has extended mandatory safeguards – found in NIST SP 800-171 – to non-federal organizations that process, store or transmit Controlled Unclassified Information (CUI) or Covered Defense Information in non-federal information systems. These […]

TestPros Wins Several Commercial Independent Compliance Assessment Contracts

TestPros has been awarded a number of commercial compliance assessment contracts and task orders to provide Independent IT Security Assessment Support, Penetration Testing, and Accessibility Compliance. Our Independent IT Security Assessment processes use the guidance from the Risk Management Framework (RMF), FISMA and FedRAMP. Our IT Accessibility Assessment processes use the guidance from W3C Web […]