Welcome to Our Newsletter
Welcome to the latest edition of ISEC7’s monthly newsletter! This month we will highlight the new CMMC 2.0 requirements, shine the spotlight on ISEC7 SPHERE, and break down our approach to Zero Trust Architecture. We are also excited to share our upcoming events and recent blog posts with you!
Are You Ready for CMMC 2.0?
As we have discussed in previous newsletters, protecting Controlled Unclassified Information (CUI) is a government-wide initiative directed by Executive Order 13556 that impacts more than 100 departments and agencies within the Executive branch, and defense contractors and FSOs who need to comply with CUI protection requirements must adhere to a detailed, complex and somewhat daunting data marking system.
Protecting CUI is also a major component of Cybersecurity Maturity Model Certification (CMMC) 2.0. With the Defense Counterintelligence and Security Agency (DCSA) already complying with CMMC 2.0, and a phased implementation expected to begin in January 2025 for the Department of Defense (DoD), now is the time for you and your organization to get in compliance with CMMC 2.0.
ISEC7 Government Services has developed a dedicated CMMC information page where you can learn more about the new requirements, specifically data marking and protecting CUI, and our solution ISEC7 CLASSIFY which defines all CUI categories and controls, ensuring markings follow the most current CUI registry and are compliant with laws and regulations.
Solution Highlight: ISEC7 SPHERE
A recent string of cybersecurity incidents wherein environments were impacted due to serious vulnerabilities has organizations and individuals rethinking how they can best protect their infrastructure. Identifying Common Vulnerabilities and Exposures (CVE) is critical in helping organizations quickly spot potential threats and implement security measures to safeguard their systems and data.
Thankfully, ISEC7 SPHERE collects CVEs for all your monitored systems from the National Vulnerability Database (NVD), a public vulnerability repository maintained by the Cybersecurity & Infrastructure Security Agency (CISA), that provides information about known vulnerabilities, as published by the corresponding software vendors. Once found, ISEC7 SPHERE displays them under the affected system and can consider that information to calculate the server status; administrators can easily click on said CVEs to review them, then acknowledge them once installed on the corresponding systems.
ISEC7 SPHERE can also display a chart with the number of mobile devices that are operating using security patch levels of the given timeframes in months, helping quickly identify which devices need to be updated, to not only improve the device’s overall performance, but most importantly, ensure said devices remain safe and protected from potential security threats.
ISEC7 SPHERE provides management, insight, and monitoring capability in a singular console across all your digital workplace solutions. It can monitor over 750 parameters and flag potential issues before they impact end-users. Proactive alerts are sent to assigned IT staff who can resolve issues before they turn into outages. With only one system to manage, issues are identified and resolved faster, requiring less IT staff with a significant impact on the operational cost. The team of experts at ISEC7 can not only provide an objective assessment of your organization’s cybersecurity posture, but also offer a demo of ISEC7 SPHERE and show you how to monitor your entire mobile infrastructure and ultimately secure your environment through this one essential solution.
What Zero Trust Architecture Means to ISEC7
Zero Trust Architecture (ZTA) – of which is the guiding principle is “Never trust, always verify” – is a cybersecurity strategy that requires strict and continuous authentication of both people and devices when trying to access resources on a private network, either on-premises or in the cloud.
While there is no one standard definition of what a Zero Trust Architecture is or should be, ISEC7 uses a 7 pillars approach to categorize all the different layers, modules, and functionalities that such a strategy can possibly include. In turn, each of ISEC7’s proprietary solutions are designed to uphold these pillars. For example, ISEC7 SPHERE does CVE and compliance monitoring, ISEC7 MAIL operates with modern and certificate-based authentication (CBA) and allows users to securely send, receive, and enforce encrypted and signed emails (S/MIME), and ISEC7 CLASSIFY ensures that users correctly mark and disseminate sensitive information while using any office application on any device.
The experts at ISEC7 understand the importance of ZTA and constantly verifying that every user, device, or app connecting to a resource is authenticated, legitimate, and free of any suspicion. As executive orders push the government towards a ZTA strategy, ISEC7 can help government and nongovernment agencies alike deploy a Zero Trust security strategy, incorporate Zero Trust elements into their network, meet the new standards, and reach their optimal cybersecurity goals.
Upcoming Events
TechNet Indo-Pacific Conference 2024
Tuesday October 22nd – Thursday October 24th, 2024
Hawai'i Convention Center
1801 Kalākaua Avenue
Honolulu, HI 96815
Wednesday, December 4th – Thursday, December 5th, 2024
Kap Europa Congress Center
Osloer Str. 5 60327,
Frankfurt am Main Germany
ISEC7 Cybersecurity Trivia
Did you know that you can use ISEC7 SPHERE's log filtering to reduce your hosted SIEM cost?
ISEC7 SPHERE retrieves data from all the company’s systems and presents them on one dashboard. Log information is correlated between systems, and issues with one system that could affect functionality in another can easily be reviewed in one place. With only one system to manage, issues are identified and resolved faster, requiring less IT resources with significant savings on the operational cost.
Check out our latest blog posts:
While mobile devices like smartphones and tablets enable employees to work during foreign travels, their portability and always-on state make them vulnerable to compromise, theft, damage, and loss.
In Parts 1 and 2 of this blog series, we previously discussed cybersecurity attacks that could be countered by training and implementing various solutions and products. In part 3, we will discuss cybersecurity attacks where the processes to address these security threats are more involved.
The U.S. Department of Defense (DoD) recently released a memo to warn about unauthorized disclosure due to typographical errors, where the .mil domain (used by the U.S. military) was misused and .ml (corresponding to the country of Mali, Africa) used instead, leading to potential leaks of Controlled Unclassified Information (CUI).
Never miss an update! Follow us on LinkedIn:
ISEC7 Group & ISEC7 Government Services
ISEC7 Group
8 Market Place, Suite 402, Baltimore, MD 21202, USA
Tel: (866) 630-1893 | sales-na@isec7.com www.isec7.com
