3 Common Cybersecurity Remediation Issues

By Brett Powers • July 28, 2021

As your organization works to strengthen its security surrounding its IT infrastructure to meet the requirements of the NIST 800-171 framework, and in anticipation of securing Cybersecurity Maturity Model Certification (CMMC) Maturity Level 3 compliance, a few issues frequently require attention.

Working to address these challenges will raise your company’s Supplier Performance Risk System (SPRS) score. This can be instrumental in demonstrating your commitment to exceptional cybersecurity hygiene to government entities looking to use your products or services. 

 

We’ve found these issues that require remediation at most companies we have assessed.

 

Absence of Documentation

With CMMC looming, a lot of companies are examining their policies, procedures, and standard documentation. At CyberSheath, before we get to the remediation process, we assess where an organization is in terms of compliance readiness. Generally what we find is most companies have very little documentation around what they’re doing and how they’re governing their security controls.

Lack of internal resources can make formulating the appropriate documentation a challenge. While we can craft that documentation, the hard part is getting each company to go through their records and align policies and procedures with their unique organizational practices. What we call best practices do not necessarily translate to being applicable to their business. For example, best practice for an activity timeout could be 10 minutes. However for your business, perhaps it makes sense to extend that time period to 30 minutes. 

 

No Multi-factor Authentication (MFA)

We’ve discovered that most companies either have MFA partially applied or not applied at all. Meaning maybe these entities are using Microsoft 365 and have activated MFA for when they’re logging into that environment. That is not sufficient. Part of the requirement is you need to have multifactor turned on even when you are logging on locally. Meaning when you turn on your laptop and type in a password, you should also have to have a second factor to access your laptop. From what we’ve seen in our assessments, this step almost never happens.

The struggle here may be that additional resources and tools need to be procured, which adds another cost. Also, a lot of the remediation we assist clients with circles back to a culture change being a huge challenge. 

 

Shared Accounts

Perhaps your IT group has one generic, admin user ID with a shared password. While this ID is only assigned to IT, it could be leveraged by multiple people. This practice creates an accountability issue because it becomes difficult to identify exact users. Another example would be a shared computer on the floor of a manufacturing company, used by 10 people. A lot could happen between those 10 users, making it challenging to tell which one of the users performed what tasks or even who executed a potentially malicious act. 

In a similar vein, it’s also relatively common for companies to mistakenly or intentionally provision users accounts that grant individual works outside of management with admin access. It’s pretty easy to see how this could go horribly wrong. While many users do not notice or act on this level of access, it does open up the entity to all sorts of security issues. 

 

If your organization would like assistance in determining their current security posture, including assessing whether or not they need to remediate these common issues, give us a call. We will be happy to work with you to identify compliance gaps, craft a plan to address any issues, and help your company improve its SPRS score. 

CyberSheath Blog

Dr. Robert Spalding to Address Nation-State Attacks at CMMC Con 2021

Since the inaugural CMMC Con, we’ve seen some of the most malicious attacks on American infrastructure ever executed. The SolarWinds attack reverberated across the entire government as agencies scrambled to discover what nation-state attackers had accessed and stolen. The Colonial Pipeline, shut down by a ransomware attack, led to fuel…

CMMC-AB vice chair Jeff Dalton to address CMMC Con 2021

The swiftness and severity of recent cyber attacks has dominated headlines and revealed that many organizations still don’t quite know what to do to protect themselves, as well as the businesses and government entities they’re connected to.   Ransomware attacks were a big point of discussion at the recent G7…

CMMC Con 2021 Opens Registration, Reveals Theme and Speakers

CMMC compliance stands in the way of revenue for every defense contractor in the supply chain. Now that CMMC is a reality for the Defense Industrial Base (DIB), learn how contractors — primes and subs, large and small, foreign-owned — are handling the standards and requirements, as well as the…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft

CMMC Con 2021 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.