
    News

    Federal DFARS and NIST 800-171 data security requirements

    Federal agencies need not consider the practicality, cost, or feasibility of compliance with their requirements, but until or unless Congress or a new presidential administration acts, compliance is required, no matter the cost or effort. Automating compliance as much as possible tends to be the only way to make it economically practical and operationally feasible.

    Thankfully, there are software tools to help with compliance. One example is Tenable's "SecurityCenter Continuous View":

    https://www.tenable.com/blog/the-buck-stops-there-nist-sp-800-171

    "SecurityCenter CV Audit and Monitoring Dashboard aligns with the Audit and Accountability (section 3.3) and System and Information Integrity (section 3.14) families in NIST SP 800-171. These families are closely related, requiring the monitoring, analysis, investigation and reporting of unlawful, unauthorized or inappropriate information system activity – including inbound and outbound communications traffic – to detect attacks and indicators of potential attacks. By using this dashboard, you can better correlate audit review, assessment and reporting processes for investigating and responding to indications of inappropriate, suspicious or unusual activity. You will also be able to monitor information system security alerts and advisories and take appropriate actions in response."



    The software's dashboards and "Assurance Report Cards" help automate SP 800-171 control monitoring, assessment and communication, reducing compliance staff workload and the potential for expensive mistakes.


    Microsoft's Azure and Office365/Microsoft365 cloud services offer versions which claim to comply with NIST 800-171, as discussed in this article:


    https://learn.microsoft.com/en-us/compliance/regulatory/offering-nist-sp-800-171


    Microsoft also promotes their own compliance tools for higher-tier O365/M365 customers for government work:

    https://learn.microsoft.com/en-us/purview/compliance-manager-setup

     

    AND

    There is already a gold rush of vendors providing compliance information, training, and automation. The following is one such information resource:

    https://www.encomputers.com/2023/01/dfars-and-nist-800-171-ultimate-guide/




    Passive Optical Networks (PON)

    There are many opportunities to apply the utility-grade technology of passive optical networks to large transportation sites, municipal communications, commercial office parks, office towers, education campuses, and industrial sites. These networks have fewer potential failure points and offer the greatly improved stability and security of very simplified, non-hierarchical communications designs.


    https://www.tellabs.com/solutions/industries/transportation



    Passive optical network use case presentation for airports and similar facilities:

    https://www.youtube.com/watch?v=rnevVFzJx1M

    Debugging large, distributed information systems

    Antithesis is a developer of a debugging platform for large, distributed systems.

    https://newsletter.pragmaticengineer.com/p/antithesis

    Introduction:

    Present status for software debugging tools:

    The Antithesis debugging solution:

    "Antithesis is not only a time-traveling debugger, though. A good way to describe it is as 'Deterministic Simulation Testing (DST) as a service.' Deterministic Simulation Testing (DST) is a technique of building a simulation in which software can run in a single thread, and where you’re in control of all variables like time, randomness, etc., in order to achieve determinism during testing."

    AND...

    "Because implementing DST is so difficult, Antithesis made the computer/hypervisor deterministic, instead. This means anything that runs on this Antithesis computer/hypervisor can be tested with DST, without doing everything yourself.

    And thanks to running a fully deterministic environment, Antithesis can manipulate it into weird states on purpose, which allows developers to inspect weird states and bugs to find out their causes."

    CLASSIC LARGE SYSTEM DESIGN PROBLEM:

    "Large systems probably don’t 'fit inside the head' of any person, which can make reasoning through the state machine the old fashioned way, much harder. Also, the sheer length of time and numbers of people it takes to build these systems, means there are many opportunities to lose institutional knowledge, or memories to fade."

    From Antithesis.com:

    AND...

    The unique challenges of large systems:




    Potential data cabling revolution of single-pair Ethernet

    Single-pair Ethernet offers up to 10Gbps throughput and 50W of power, and connectivity up to 1KM, while using up to 55% less metal and plastic than typical 4-pair Ethernet cabling. Connectors are greatly simplified and better suited to harsh outdoor utility, campus, municipal, industrial, and military applications.

     ...


    https://www.belden.com/products/connectors/industrial-connectors/single-pair-ethernet-spe-connectors#sort=%40catalogitemwebdisplaypriority%20ascending&numberOfResults=25

    Desktop replacement through cloud services, a better way to upgrade

    Breathe new life into expensive custom enterprise software and an aging fleet of computer systems with a streamlined desktop virtualization solution. Dramatically improve security and reliability at the same time while ending the treadmill of capital expenditures for desktop and workstation computers.

    https://workspot.com/desktop-cloud/

    https://workspot.com/healthcare-solution

    https://workspot.com/workstation-cloud/
