Capabilities and Benefits 

👉 Risk Reduction: More visibility across the entire threat landscape to reveal current threats and emerging cyberattacks on the horizon helps organizations identify and assess risks with a proactive approach to preparation. 

👉 Cost Reduction: Cyber threat intelligence is often cost-effective and may lower the overall financial burden of security incidents including data breaches, which can be very expensive during months of forensic investigation.

👉 Regulatory Compliance: Enabler for organizations that must adhere to various regulations such as GDPR, Sarbanes-Oxley (SOX), HIPAA, ISO2700n, NIST-800-53, NIST 800-37, BSA, GLBA, FINRA, FFIEC, DORA, PCI DSS, PSD 2, TISAX, ZTA etc... 

ISO Standards:

  1. ISO/IEC 27001: Information Security Management
    • A.12.6.1: Management of technical vulnerabilities
    • A.13.1.1: Network controls
  2. ISO/IEC 27002: Code of Practice for Information Security Controls
    • 12.6: Technical vulnerability management
    • 13.1: Network security management

NIST Frameworks:

  1. NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
    • CA-7: Continuous Monitoring
    • SC-7: Boundary Protection
    • SI-4: Information System Monitoring
  2. NIST Cybersecurity Framework (CSF)
    • PR.DS-1: Protect Data at Rest
    • DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software
    • RS.MI-3: Mitigate

DISA STIGs (Defense Information Systems Agency Security Technical Implementation Guides)

  1. Network Security STIG
    • V-31409: Network devices must employ automated mechanisms to assist in the tracking of security incidents.
    • V-31773: Network devices must be configured to send log data to a central log server.
  2. Firewall STIG
    • V-17149: Firewalls must be configured to send alerts to the administrator in the event of a critical security event.
    • V-17435: Firewalls must have only authenticated access for administrative users.

Other Frameworks:

  1. PCI DSS (Payment Card Industry Data Security Standard)
    • Requirement 11.4: Use IDS/IPS to detect and alert personnel to suspected compromises.
    • Requirement 6.6: Address common coding vulnerabilities in software-development processes.
  2. HIPAA (Health Insurance Portability and Accountability Act)
    • 164.308(a)(6)(ii): Implement procedures for detecting, preventing, and responding to security incidents.
    • 164.312(b): Implement mechanisms to encrypt and decrypt ePHI.
  3. GDPR (General Data Protection Regulation)
    • Article 32: Security of processing

CIS Controls (Center for Internet Security)

  1. CIS Control 12: Boundary Defense
    • Sub-Control 12.4: Deny communications with known malicious IP addresses.
    • Sub-Control 12.5: Implement application layer filtering.

 

 

Business Justifications:
Executive Order 14028 Directive Since 2021

Publicly Traded Companies - Mandates Form 8-K - SEC  - Cyber Threat Reporting Requirement. Penalties min. 5K per issue not reported within 96 hours at average. 50K/Day up to 4% of Revenue. 


NIST/CMMC – Continuous Monitoring https://csrc.nist.gov/pubs/sp/800/137/final

CISA Protective DNS Initiative - https://www.cisa.gov/resources-tools/services/protective-domain-name-system-resolver   Executive Order support 

Cloudflare Registrar HLS Mandate Protected DNS Registrar -  https://www.cloudflare.com/press-releases/2023/cloudflare-wins-cisa-contract-for-dns-services/  

eGov – OMB-23-10 https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-10-DOTGOV-Act-Guidance.pdf

learn-more-about-osintelligent

Headquarters: Lake Winnebago MO 

D-U-N-S number: 119079550

NAICS codes 518210, 541611, 541990

International Class 042   

Purchase - External Cyber Threat Intelligence - eCTI™ for your security operation team console. Buy eCTI™ JSON File feed.   

Download the capabilities statement.

Cyber defense accelerator for compliance enablement for ISO 27000nHITRUSTSOC 2TISAXTPNNIST, CMMC.

❤️Help Keep Us Going☕️Support Our Work 👉 Buy Us a Coffee Here

 

 

phone