B2B File Sharing Blog
Secure file sharing software information, file sharing trends and announcements.
Compliance, Cyber and Data Security, FTP Cloud, FTP Solutions, File Sharing Best Practices, Secure File Sharing, The Cloud
In the IT industry there are many words used when discussing the topic of authentication. Some of the words often used are multi-factor authentication (MFA), two-factor authentication (2FA), time-based one-time password (TOTP), one-time password (OTP) and more. It is important to understand that there are dependencies and differences amongst these terms. For example, two-factor authentication (2FA) is a subset of multi-factor authentication (MFA) because it requires more than 1 form of authentication - i.e., 2FA is under the MFA umbrella. Additionally, there are multiple types of 2FA/MFA such as one-time password (OTP). Lastly, there are variations of OTP methods like TOTP, HOTP, etc. Therefore, all of the above would be considered multi-factor authentication. Your authentication method(s) can thwart would-be attackers. It seems like all too often we hear about a different company falling victim to a cyberattack (some of which are massive enterprise corporations/conglomerates). In this blog we take a look at the various methods of authentication available to protect your business.
Compliance, Cyber and Data Security, FTP Cloud, FTP Solutions, Government Compliance, Secure File Sharing, The Cloud
When the Department of Defense initially announced version 2.0 of its Cybersecurity Maturity Model Certification (CMMC), it was meant to be good news for small and mid-sized businesses and contractors that work with the United States Military. CMMC 1.0 put a heavy burden on these smaller organizations to create systems and manage controls that they simply didn’t have the in-house resources to create and manage. But planning for the CMMC 2.0 model brings to light just how challenging compliance remains for small- and mid-sized organizations. While CMMC version 2.0 has been framed as less of a burden for smaller businesses and contractors, there’s still a lot of work to be done to reach full compliance.
Are you trying to select a new file sharing solution, but you have a few questions first? Explore these common questions about file sharing solutions and find out their answers.
Compliance, Cyber and Data Security, FTP Cloud, FTP Solutions, Government Compliance, Secure File Sharing, The Cloud
The U.S. Department of Defense (DoD) manages an annual budget that stretches into the hundreds of billions. Much of that money is spent with the 100,000-plus third-party contractors that participate in the nation’s defense industrial base (DIB). The DoD and these contractors must share files and information, and they must do so in a secure manner — for obvious reasons. Today, the DoD offers DoD SAFE as a portal where DIB contractors and members of the U.S. military can share PII-, PHI-, and CUI-related files securely. But is DoD SAFE the best option for your organization? There are DoD SAFE alternatives that are easier to use while providing a level of security that meets DoD expectations for files that fall into these categories. If you’re one of the many defense-related contractors searching for DoD SAFE alternatives, continue reading to learn more about the history of DoD SAFE and your other options for securely sharing files with the U.S. Military.
CMMC, Cyber and Data Security, DFARS, EAR, FTP Solutions, GOVFTP Cloud, Government Compliance, ITAR, NIST, Secure File Sharing, The Cloud
By now, all contractors that work with the U.S. Department of Defense should be fully aware of the Cybersecurity Maturity Model Certification (CMMC) 2.0 announcement from November 2021. The CMMC 2.0 announcement included updates to CMMC 1.0 that were designed to enhance cybersecurity protections for all entities in the defense industrial base, or DIB, and also streamline protections for contractors already utilizing the NIST 800-171 framework. While the announcement of last November did provide a glimpse at what the DOD’s requirements might be in the future, Congress has yet to codify those requirements into a law to be followed. Unfortunately, that leaves contractors and others in the DIB in a limbo period where they know that new CMMC requirements are coming — but they don’t know exactly what those requirements will be. We’ve written previously about the proposed CMMC 2.0 framework and what it might require of contractors. Now we’ll address what contractors and others in the DIB can be doing right now during this limbo period to set their organizations up for future success under CMMC 2.0 once codified by law. While there’s a lot of confusion about what can be done presently, it’s best for DIB members to focus first on Level 1 requirements as outlined by the CMMC 2.0 announcement late last year. The following 17 specific practices are required for Level 1 compliance. They represent basic security hygiene that you can implement for your organization: limiting physical access to your facility and systems, securing storage and transport of data, and monitoring your systems usage are good places to start. Also, note that Level 1 compliance is the basis for Level 2 compliance.
Compliance, Cyber and Data Security, EAR, FTP Solutions, GOVFTP Cloud, Government Compliance, ITAR, NIST, Secure File Sharing
The aerospace industry is a big business — and it’s only going to get bigger in the coming years. In 2020, the global aerospace industry reached $298 billion. That figure is expected to grow to $430.9 billion by 2025 (an expected 45% increase in 5 years). The size of the industry and its expected growth are even more impressive when you consider the many aerospace industry regulations that companies must adhere to. The challenge with operating in aerospace is that almost everything designed, built or created has defense-related implications. Indeed, trade organizations (like the Aerospace Industries Association) and the U.S. government have established stringent regulations and security frameworks to prevent the aerospace industry’s products and data from falling into the wrong hands. These regulations can be burdensome for aerospace companies. But they can also represent an opportunity for aerospace companies to put into place the right tools and technologies for making compliance easier and more automated. Here’s a look at the most relevant aerospace and defense industry regulations — the AIA’s NAS9933, NIST SP 800-171, ITAR and EAR — plus a rundown of how aerospace companies can benefit from compliance.
Compliance, Cyber and Data Security, FTP Cloud, FTP Solutions, File Sharing Best Practices, GOVFTP Cloud, Government Compliance, SOC, Secure File Sharing, The Cloud
In the modern age, cybersecurity has become a serious priority for organizations operating in both the public and private sectors. Government entities prioritize cybersecurity to prevent foreign actors and third parties from accessing state secrets. Corporations and other businesses prioritize cybersecurity to prevent ransomware, the loss of proprietary information and trade secrets, and generally to secure any information and files they store and share. What is SOC 2 and where does it fit within the emerging cybersecurity universe that’s growing more important with each passing year? SOC, an acronym for “System and Organization Controls,” is a cybersecurity risk management reporting framework that includes different levels for different types of organizations — SOC 2 is the second level of the framework designed for service providers. The SOC framework and SOC 2 requirements for service providers have become a universally accepted standard for securing information, data and files. At FTP Today, we are SOC 2 certified with the GOVFTP Cloud in scope. This is one of the best ways to ensure we’re securing our users’ data and files while minimizing the risk of outside threats. See below for more details on the SOC framework, on SOC 2 compliance, plus what it means for your organization.
Compliance, Cyber and Data Security, FTP Cloud, FTP Solutions, File Sharing Best Practices, GOVFTP Cloud, Government Compliance, NIST, Secure File Sharing, The Cloud
Even if you’ve only dabbled in cybersecurity, you’ve likely heard the acronym NIST — which stands for National Institute of Standards and Technology. Behind that simple acronym are huge implications for organizations that experience cybersecurity threats or that regularly handle sensitive files and information. The NIST framework for cybersecurity can help keep your organization safe from breaches, and it can also help you achieve compliance so that you can work with other organizations and government agencies that are concerned about cybersecurity. To help you better understand the NIST framework for cybersecurity, here are in-depth details about NIST and specific publications relevant to cybersecurity and the protection of sensitive files and information.
CMMC, Compliance, Cyber and Data Security, DFARS, EAR, FTP Cloud, FTP Solutions, File Sharing Best Practices, GOVFTP Cloud, Government Compliance, ITAR, NIST, PCI, Secure File Sharing, The Cloud
The body that oversees Cybersecurity Maturity Model Certification (better known as CMMC) has just announced version 2.0 of its standards. This updated version of CMMC is significant for organizations that are part of the defense industrial base — organizations numbering 300,000-plus that comprise the supply chain for defense-related projects in the United States. See below for more details on CMMC 2.0, plus what those changes mean for organizations that work on projects with the U.S. Department of Defense.
Cyber and Data Security, EAR, FTP Solutions, File Sharing Best Practices, GOVFTP Cloud, Government Compliance, ITAR, Secure File Sharing, The Cloud
The United States is likely to spend more than $700 billion on national defense in 2022. A big portion of that budget will be spent on contracts with third-party businesses — contractors who provide products, materials and services to the U.S. military. But, if you want to work with the U.S. military, you need to understand ITAR compliance and how it empowers you to secure a contract. If your business would like to work with the U.S. military, or continue to work with the U.S. military, here’s a look at everything you need to know about ITAR — and ITAR compliance requirements.
CMMC, Cyber and Data Security, DFARS, GOVFTP Cloud, Government Compliance, ITAR, NIST, Supply Chain
This blog post is the culmination of our Securing the Supply Chain series. In our second blog post, Securing the Supply Chain - Meeting NIST SP 800-171 R2, we provided information on meeting compliance with DFARS (Defense Federal Acquisition Regulation Supplement) contracts clause 252-204-7019, which triggers your compliance with NIST 800-171 R2 by uploading your self-assessment, System Security Plan, and any Plan of Accreditation & Milestone (POA&M - Plan Of Actions and Milestones) to the SPRS (Supplier Performance Risk System). Our initial blog covered what the government wants you to protect, the interim rule, Cybersecurity Maturity Model Certification (CMMC) levels, and how to get started. In this blog we start the journey toward meeting compliance with CMMC. We begin with first meeting compliance with NIST SP 800-171 R2, the latest self-assessment and self-attestation standard. Ultimately, over the next five years (by 2026), you will be required to meet DFARS contract clause 252-204-7021, which will trigger compliance with the appropriate level of CMMC. The Cybersecurity Maturity Model Certification (CMMC) is a compliance framework for Defense Industrial Base (DIB) contractors to safeguard the intellectual property of the United States. DIB contractors must properly safeguard, disseminate, and destroy Controlled Unclassified Information (CUI). As a DIB contractor, you will need to comply with the appropriate CMMC maturity level to renew a contract, compete for a new contract or receive an award of a contract. In this blog we give you the information you need to meet CMMC compliance.