Totem’s Top 10 Cybersecurity Safeguards for Small Businesses (2022)

Small businesses are the backbone of the United States economy, as they comprise upwards of 99% of all businesses. Given the sheer number of small businesses, in addition to the fact that they have the weakest cybersecurity out of all the organizational sizes, adversaries are targeting small businesses with cyberattacks at increasing rates. Small business […]

Know Your Assets: The first step in building a cybersecurity program

With the recently announced Cybersecurity Maturity Model Certification (CMMC) version 2.0, many of us within the Defense Industrial Base (DIB) are beginning to turn our attention towards cybersecurity compliance for the first time. Although we know we must adhere to the standards outlined by the National Institute of Standards and Technology (NIST), it is a […]

The importance of cybersecurity user training in NIST 800-171

We’ve made the assertion in our Totem Top 10 that, after you have gathered a complete inventory of all your IT system assets and identified the lifecycle of the sensitive information facilitated by those assets, the first thing you should do is begin training your users on what they can do to protect your business […]

NIST SP 800-171 Compliance and VoIP

Nowadays, most companies in the Defense Industrial Base (DIB) are keenly aware of their cybersecurity requirements under NIST SP 800-171. The framework introduces baseline security standards required to protect Controlled Unclassified Information (CUI) from unauthorized access. The controls listed in that document must be applied to any information systems that process, store, or transmit CUI. […]

Entry-Level Network Traffic Analysis with Security Onion

Introduction to Network Traffic Analysis: As your organization looks to prioritize cybersecurity, it is important that you have a method in place for actively monitoring your network and searching for network traffic anomalies. Identifying these anomalies is important for a number of reasons, primarily that they can indicate when: A past security incident has occurred […]

Cybersecurity Risk Assessment Methodologies for the Small Business

Cybersecurity Risk Assessment Within the Defense Industrial Base: Risk management is a part of business. Although the level of risk companies face depends upon a multitude of different factors, the truth is that small businesses must be especially careful when handling risk. If your company operates within the Defense Industrial Base (DIB), you likely understand […]

Understanding Multi-Factor Authentication

Understanding Multi-Factor Authentication: MFA, or Multi-factor authentication, is a term we hear more and more these days. As cybersecurity moves more towards the forefront of the corporate landscape, MFA is becoming much more relevant and needed. It is required for protection of Controlled Unclassified Information (CUI) accessed across a network, and is a CMMC Level […]

How to become a CMMC C3PAO

The Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) recently released news that two organizations have successfully become authorized CMMC C3PAOs. As anticipation for CMMC assessments grows, it is imperative to understand what C3PAOs do, how they became assessors, and what to expect if you are planning on applying to become a C3PAO. This post will cover […]

Password Policy

Password Policy Requirements for CMMC: Our clients often ask us what the password policy should be for their covered contractor information systems that must be assessed under the DoD Cybersecurity Maturity Model Certification (CMMC). CMMC is for DoD contractor-owned systems that handle Federal Contract Information (FCI, in scope for the FAR 52.204-21 clause) and/or Controlled […]