Federal Assessments | NIST | CMMC
By:
Schellman
September 14th, 2022
Published by the National Institute of Standards and Technology (NIST), NIST SP 800-171 is a standard created to help organizations protect Controlled Unclassified Information (CUI) from unauthorized access or disclosure.
By:
Josh Tomkiel
September 13th, 2022
So, you’re investing in cybersecurity and are having a web application penetration test performed. No matter your reasons for doing so—whether you’re satisfying compliance requirements, a customer request, internally assessing your flagship service offering or confirming security policies—this is a great step towards strengthening your defenses.
Compliance and Certification | Assurance / Service Audits
By:
Ryan Buckner
September 8th, 2022
Whether it’s shoes, real estate, or the latest smartphone, everyone’s always looking for a bargain. A central component of any decision you make to purchase or not purchase a good or service is the cost. It’s a little easier to determine that number when you’re buying (or not buying) a good because it’s generally the sticker price and, barring any lemony outliers, the thing does what you need it to.
By:
Schellman
September 7th, 2022
Consider two people sharing an umbrella in the rain. They both have the same goal—to reach the car dry, without dropping any of the food they purchased and intend to share—but they each have different responsibilities on the mission: one is holding the umbrella and one has to hold the food.
By:
Chris Lippert
September 6th, 2022
A Global CBPR/PRP certification is an effective way for your organization to prove your privacy protections are adequate so that your customers can rest a bit easier.
ISO Certifications | ISO 27001 | ISO 9001
By:
Jenelle Tamura
September 1st, 2022
ISO certifications in general have become popular tools used to demonstrate an organization’s compliance with certain standards. While ISO 27001 itself can give your customers quite a lot of reassurance, there’s also something to be said about combining it with ISO 9001 certification.
By:
Todd Connor
August 31st, 2022
Cyber threats continue to escalate in both frequency and economic impact. Where earlier estimates from the U.S. Council of Economic Advisers placed the cost of malicious cyber activity to the U.S. economy between $57 billion and $109 billion in 2016, more recent data shows this threat has grown exponentially. In the U.S., these cyber threats are not a problem our government, and more specifically our military, can leave unchecked, particularly when it comes to the theft of valuable intellectual property and sensitive information from all industrial sectors. The potential backlash on our economic security and national security is too great, so action had to be taken. If you’re doing business in the Defense Industrial Base (DIB) sector, you will soon need to become CMMC certified. Within this newer program meant to protect information within the supply chain of the Department of Defense (DoD), there are three levels and their related assessments. If you’re wondering which level is right for you, don’t worry—in this article, we’ll explore the different levels of CMMC compliance you can achieve, but we won’t be able to do that without first addressing the critical importance of CUI. Then, you’ll understand how all these pieces fit together and have a better idea of which level is right for your organization and what to expect in the process.
By:
Schellman
August 31st, 2022
TAMPA, FL: Tampa-based Schellman, a leading provider of attestation and compliance services, continues to emphasize its people and culture investment, now through the appointment of Bhavna Dave as the company’s new Chief People & Culture Officer.