614-322-2222 or 877-770-8324

A culture to protect client and customer data is first created, then nurtured through training and development

Sep

11

A culture to protect client and customer data is first created, then nurtured through training and development

In the IBM NIST and Zero Trust Security Model (ZTSM) training on Thursday, the SMEs stressed the importance for every vendor that works with the organization’s data whether hardware or software to be in compliance with their NIST and ZTSM policies. This includes vulnerability testing. This is new for many OEMs. It was just over a year ago that Microsoft became NIST certified. Most OEMs are not NIST certified. Although the DFARS NIST 800-171 CSF standard for the entire DoD Supply Chain has been required since the beginning of 2018, which pertains to over 300,000 businesses. Some of the companies that are promoting NIST and ZTSM have not passed their own audit yet. So, in the MyRepublic event, it was a third-party vulnerability that caused the breach. To examine your third-party vulnerabilities, start your NIST assessment this week. Have your procurement department request the external CSF certificates and vulnerability reports from your partners.

Then wait………… You will not get many. Professionals know you can do all the testing you want, but if your partner does not have a CSF culture, your network is sunk. So do the assessment this week. And tell your non-certified, non-compliant, non-tested partners they are at risk, and therefore making their your network vulnerable.

A culture to protect client and customer data is first created, then nurtured through training and development, and it is practiced by TechR2 teams in datacenters throughout the world. High technology execution does not happen without hard work.



  • Providing complete “Cradle to Grave” data eradication solutions, sound experience, industry best practices and resources to support you.


    Why risk it? Get started today! Call 614-322-2222


  • About An Industry Leader

    TechR2 is the only company in the industry that has earned a US patent for its Track-Contain-Destroy-Verify data security process, is OEM approved, upholds critical ISO certifications, and is recognized for compliance with GDPR, NIST and all governmental regulations concerning data destruction, including ISO 27001, ISO 14001, ISO 9001, and ISO 45001.