Today’s evolving cyber threats faced by Federal departments and agencies (D&A) cover a wide range of malicious activities from nation-state sponsors, criminal organizations, terrorist groups, hacktivists, insider threats, and others. These threats come from highly advanced, group-based entities that seek to operate inside of and maintain a presence in their target’s systems. When coupled with increasing regulatory requirements and oversight, the move to a risk management rather than a compliance approach, and growing resource constraints, these threats present huge challenges.
To be effective in this operational environment, Federal D&As must employ a cybersecurity program that focuses on operating in cyberspace instead of reacting to it. The need for innovative cybersecurity approaches, methodologies, and best practices that address interoperability, usability, and privacy is critical for the nation and the Federal government.
Provides services and capabilities including engineering, implementation, operation, and maintenance support for information system security controls that are implemented through technical mechanisms in system hardware or software.
Provides services and capabilities including development, implementation, assessment, improvement, maintenance, and governance support for all cross-cutting aspects of the organizational cybersecurity program.
Provides services and capabilities including implementation, operation, and maintenance support for information system security controls executed primarily by people.
Provides services and capabilities including development, implementation, assessment, improvement, and maintenance support for cybersecurity program and system compliance activities, assessment and management of system and organizational level cybersecurity risk, and ongoing conduct of system and organizational continuous monitoring activities.
Here are our latest blog posts on cybersecurity-related topics written by Criterion subject matter experts.
This forecast sheet was developed specifically to provide information about what we currently know about the new DoD CMMC program.
Compliance-based measures, while better than nothing, do not give a true picture of an organization’s cybersecurity maturity.
Based upon the Program and Technical Baselining review results, Federal organizational management will be able to make well-informed, risk-based decisions regarding CS&P-related activities.