U.S. DoD Certification Reinforces Cybersecurity Standards in Defense Sector
Stress Aerospace & Defense Achieves Cybersecurity Maturity Model Certification Level 2
HOUSTON—As cyber threats become more sophisticated and persistent, ensuring the security of sensitive government data is essential to national defense and the integrity of the defense supply chain.
As a company specializing in engineering design, testing, and analysis services for the aerospace, defense, and government sectors, Stress Aerospace and Defense (StressAD) recognizes the need to meet stringent cybersecurity requirements outlined in the Department of Defense’s (DoD) Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7021.
The company, a subsidiary of Stress Engineering Services, Inc. (SES), recently achieved Cybersecurity Maturity Model Certification (CMMC) Level 2 (Advanced). Achieving this U.S. Department of Defense (DoD) certification enhances national security by safeguarding critical government data and reinforcing cybersecurity standards in the defense sector, the company said in a release announcing its certification.
The certification underscores StressAD’s “commitment to securing Controlled Unclassified Information (CUI) and maintaining the highest cybersecurity standards within the aerospace, defense, and government sectors,” the company said.
StressAD’s achieving CMMC Level 2 compliance is validation that it can handle International Traffic in Arms Regulations (ITAR)-regulated and other export-controlled information, further strengthening its role as a trusted defense partner, the release stated.
Rigorous compliance and preparation
CMMC Level 2 certifications are awarded to organizations that address 110 security controls, mapped to 320 assessment objectives based on the NIST SP 800-171 framework. StressAD began the rigorous certification process nearly two years ago with a preliminary self-assessment that identified key security gaps. Then, in collaboration with a third-party consultant, the governance committee established a robust System Security Plan (SSP) encompassing more than 1,000 pages of documentation, policies, and security controls.
Unlocking new opportunities
The final CMMC audit, originally scheduled for multiple days, was successfully completed in a shorter time frame, reflecting exceptional preparation by the StressAD team.
“Going through the CMMC process was rigorous and required a high level of teamwork from many different departments,” said StressAD Program Director Matt Sanders, in the release. “I was proud to work alongside my colleagues to achieve CMMC Level 2 and contribute to protecting and defending our nation.”
The certification ensures adherence to evolving federal cybersecurity mandates, ultimately benefitting the entire defense industry. At the time that StressAD passed its audit, fewer than 100 companies had achieved the same, according to the release.
“Passing our CMMC audit with top marks just 20 days after the new rules took effect puts us well ahead in the industry,” said StressAD Information Security Director and Director of Information Technology Bennie Lunsford, in the release. “This certification is not a one-time achievement; it’s an ongoing commitment to our clients’ and our nation’s data and assets. We have established a governance committee that will meet quarterly to ensure continuous compliance and improvements to our security framework.”
StressAD will maintain an ongoing cybersecurity governance program, conducting regular audits, risk assessments, and employee training to ensure continued adherence to CMMC requirements, the company said.
Pilot Cyber Readiness Program Launched for Small and Medium-Sized Manufacturers
NEW YORK & SAN ANTONIO—The Cyber Readiness Institute (CRI) and the Cybersecurity Manufacturing Innovation Institute (CyManII) at The University of Texas at San Antonio (UTSA) have launched a pilot program aimed at elevating cyber readiness and security within the energy manufacturing sector.
The strategic initiative emphasizes CRI and CyManII’s shared commitment to strengthening their defenses against evolving cyber threats by providing essential support and resources for small and medium-sized manufacturers, according to a release from UTSA.
Through this partnership, CyManII will provide up to 200 U.S. manufacturers in the energy sector with access to CRI’s free Cyber Readiness Program. Focused on human behavior, the Cyber Readiness Program delivers cyber best practices and guides organizations through the development of key business continuity measures. Manufacturers will benefit from personalized guidance from a dedicated CRI certified cyber coach, establishing a foundation of understanding and translating knowledge into actionable security measures, the release stated.
“This pilot program is an important first step in strengthening the cyber readiness of small and medium manufacturers,” noted CRI Managing Director Karen S. Evans, in the release. “By melding CRI’s resources with CyManII’s expertise, our aim is to forge a more resilient and secure manufacturing ecosystem in the energy sector.”
Howard Grimes, Ph.D., CEO of CyManII, called U.S. manufacturing “an engine for our national economy and security.”
“It is critical that we cyber secure our manufacturers, especially the small and medium-sized companies. This partnership between CyManII and CRI delivers necessary training that addresses the root cause of cyber-attacks aimed at U.S. manufacturers,” he said in the release.
According to the release, the collaboration between CRI and CyManII will offer resources to enhance the cyber readiness of energy manufacturers and mitigate potential risk in a vital sector of the U.S. economy.
“As cyber threats evolve, the pilot program serves as a proactive measure, equipping manufacturers with the knowledge and tools necessary to safeguard critical supply chains,” the release stated. “The partnership will facilitate the exchange of best practices, acting as a catalyst for the ongoing development of free cybersecurity tools and resources specifically tailored to small and medium-sized manufacturers.”
The Cyber Readiness Institute (CRI) is a non-profit initiative that convenes business leaders from across sectors and geographic regions to produce free cybersecurity tools for small and medium-sized businesses. Its mission is to advance the cyber readiness of these SMBs to improve the security of global supply chains. CRI’s tools and resources focus on human behavior and emphasize employee education and awareness. The Institute is housed within the Center for Global Enterprise, a New York-based non-profit applied research organization.
The Cybersecurity Manufacturing Innovation Institute, located at The University of Texas at San Antonio, works to secure and sustain U.S. manufacturing through the development of partnerships and the deployment of innovative technologies to empower a skilled workforce. Its vision is “to be the leading provider of integrated cybersecurity and energy-efficient solutions for U.S. manufacturers as they undergo digital transformation,” according to the release.
Manufacturers interested in participating in the pilot program can apply here.
Unified Cybersecurity Platform Reported to Help Companies Manage Digital Risks
LOS ANGELES—A next-generation cybersecurity platform recently launched by cybersecurity company Resecurity (USA) is designed to transform how organizations approach cybersecurity by addressing challenges that organizations of all sizes face when managing multiple cybersecurity products.
Resecurity One provides comprehensive protection against evolving cyber threats by combining numerous capabilities—including digital risk management, cyber threat intelligence, endpoint protection, identity protection, supply chain risk monitoring, and extended detection and response (xDR) capabilities—into a unified platform, according to a release from Resecurity.
By integrating various cybersecurity functionalities into a single platform, Resecurity One simplifies cybersecurity operations, reduces fragmentation, and optimizes costs, enabling organizations to achieve significant return on investment (ROI) from their cybersecurity investments, the company said in the release.
“With the ever-growing complexity and sophistication of cyber threats, organizations need a unified cybersecurity solution that offers comprehensive protection across all attack vectors,” said Gene Yoo, CEO of Resecurity, in a statement. “Resecurity One is designed to meet this critical need by providing organizations with a single platform that delivers unparalleled visibility, detection, and analysis capabilities, empowering them to defend against cyber threats proactively.”
Following are some of the key features of the platform.
Digital Risk Management: Resecurity One is said to offer advanced digital risk management capabilities to help organizations identify, prioritize, and mitigate digital risks across their digital footprint. By continuously monitoring digital risk indicators, organizations can stay ahead of emerging threats and protect their critical assets.
Cyber Threat Intelligence: By providing real-time cyber threat intelligence from multiple sources, Resecurity One enables organizations to proactively identify and respond to cyber threats. With comprehensive threat intelligence feeds and advanced analytics, organizations can detect and thwart cyberattacks before they cause harm, the company said.
Endpoint Protection: Resecurity One delivers robust endpoint protection capabilities to safeguard endpoints against malware, ransomware, and other cyber threats. With advanced endpoint detection and response (EDR) capabilities, organizations can detect and remediate endpoint threats quickly and effectively, the release stated.
Identity Protection: The unified platform offers identity protection features to help organizations prevent unauthorized access and identity-based attacks. By implementing multi-factor authentication, access controls, and identity monitoring, organizations can secure identities and prevent security breaches.
Supply Chain Risk Monitoring: Resecurity One includes supply chain risk monitoring capabilities to help organizations assess and mitigate risks associated with third-party vendors and suppliers. By monitoring supply chain risks in real-time, organizations can prevent supply chain attacks and ensure business continuity, the company said.
xDR (Extended Detection and Response): The cybersecurity platform also leverages xDR capabilities to provide extended detection and response across multiple security layers. By correlating security events and alerts from various sources, organizations can gain holistic visibility into their security posture and respond to threats more effectively.
“With Resecurity One, organizations can experience the power of one unified cybersecurity platform,” added Yoo. “By streamlining cybersecurity monitoring and response, Resecurity One empowers organizations to stay ahead of cyber threats and confidently protect their critical assets.”
In addition to launching the platform, Resecurity is currently transitioning customers to a unified portal, ensuring all existing subscriptions are preserved. The company said it also plans to announce regional cloud compliance zones, enabling customers in APAC, MENA, and the European Union to comply with local data protection regulations.
As a platform-as-a-service (PaaS), Resecurity One brings several key advantages to organizations, including reduced fragmentation, optimized costs, and increased ROI.
By integrating multiple cybersecurity functions into a single platform, Resecurity One eliminates the need for disparate security tools, thereby reducing complexity and enhancing operational efficiency. Consolidating various cybersecurity services into one platform helps organizations cut down on the costs associated with managing multiple products and vendors, leading to significant cost savings. And with comprehensive threat detection, response capabilities, and streamlined operations, organizations can achieve a higher return on investment from their cybersecurity expenditures, according to Resecurity.
Additional benefits are reported to include accelerated cybersecurity operations, enhanced compliance, and comprehensive protection.
The unified platform is said to allow for faster detection and response to threats by providing a centralized view and integrated workflows, enabling security teams to act more swiftly and effectively. The introduction of regional cloud compliance zones ensures that organizations can easily adhere to local data protection regulations, reducing legal risks and ensuring data privacy. And Resecurity One’s holistic approach is said to cover “all aspects of cybersecurity, from digital risk management to endpoint and identity protection, offering a robust defense against a wide range of cyber threats.”
“Resecurity One is a powerful tool that not only enhances an organization’s security posture but also drives efficiency and cost-effectiveness in cybersecurity management,” the release stated.