how to make a site


News, learning and musings

Email is the
Biggest Threat

In 2018, the most common vector of attack was the most common form of communication: email. Learn more…

What is

Everyone is talking about cybersecurity. But what is it? Is it something new? Or is it just common sense? Learn more...

FedRAMP and
NIST 800-171

Can you use a Cloud Service Provider, like Office 365, and still be NIST 800-171 compliant? The FedRAMP is here to help! Learn more…


One of the implied promises of DevOps is the tearing down of the silos between operations and developers. Some people consider it to be the death knell for SysOps. Nope. Learn more...

Staying abreast of Technology is what we do for you! The world of technology changes, not just in generations, years, months or even days. Sometimes, changes occur in a matter of hours!

We are Failing at
Email Security

Mimecast's The State of Email Security, published in 2018 states that, "Cyberattackers from all over the world are targeting organizations, like yours." and that almost 60% of organizations will suffer from the effects of a malicious attack or loss of information this year!

Email security, like any form of virtual or physical security starts at the top. A top-level acceptance of rick, mitigation, planning procedure and action is the only way that you can beat the odds. Don't be in the majority, be ready!


What Is It?

In the early days of computers and networks, everyone operated with the knowledge that if someone hacked into your system from another computer, you could just walk down the hall and punch them in the nose. Personal accountability and the fact that it was a close-knit group of people all working for the same thing made security an after-thought. In fact, the only reason that you had usernames and passwords was so that some other guy didn’t steal the limited computer time from you!

Times have definitely changed. While in 1972, someone asking you for your account information might not even sound a little suspicious, now, it would immediately make you think that they were trying to hack your accounts and steal not just your money, but your identity, too. A little paranoia goes a long way!

So, what exactly is cyber security? It’s a combination of computer security, website security, password security, credit security, identity security, network security… well, you should get it. If it has anything to do with the device that you are using to read this and it’s concerned with security, it’s cyber security. So, why the new name? In the past, network security dealt with networks and computer security, computers, but there was no real idea of putting them all into a comprehensive umbrella. If you can make your network more secure by better-securing your server and you can make your computer more secure by better securing your network, why not make them all work together. By securing each thing, you secure all things even better!

In today’s world, where even the device in your pocket is connected to the office server, having a comprehensive security solution in place, one that uses all of this new-fangled cyber security, is the only way that you will stay secure. Novation Systems has been securing systems since the 1980’s. Contact us to help you!

CloudOps - a new vision

DevOps is not System Admin

The DevOps revolution has promised the end of the System Administrator as developers, product owners, QA and other team members now have to tools to configure, deploy and manage computing assets. As the world moves down this new path, System Administrators work diligently in the background, adjusting, leveraging expertise in security, data redundancy, hardware performance characteristics and system tuning.  As your team expands further into the cloud, your need of experienced system administrators will increase. 

Novation Systems relies on the team at NovaStratos to provide cloud operations expertise, relieving your team from the complexities of the modern cloud and ensuring maximum uptime, maximum performance and minimum expense.

HIPAA Availability

All businesses need to have a disaster recovery plan, but HIPAA rules require a disaster recovery plan that ensures that patient health information is made available in a "timely manner." Just what does the HHS and Office of Civil Rights think "timely" means? Recent events and responses include discussion of special circumstances and alterations to the privacy rule to ensure effective communications for health care workers in a disaster, including first-responders, volunteers, government and civil authorities and members of volunteer organizations. Nowhere in the rule does it state exactly what a timely response is considered to be, but professionals using knowledge of the situation and patient information are assumed to make information available in such a way as to minimize the  danger to patients and emergency workers. 

The first step for all of this is a PLAN. Without a plan, patient care and protections will fail. Fail to plan == plan to fail. 

If you do not have a plan in place, contact us. Our compliance team will get you on-track to meet these mandates, protect your practice and, most importantly, prepare you for the inevitable.

NIST 800-171 and FedRAMP

How Do I Comply in the Cloud?


Cloud Security and FedRAMP

When your team seeks compliance with any mandate, whether it's NIST 800-171 or an industry compliance requirement, how the security of a cloud provider meets those needs, as well as your business needs is important.

For government customers, the CIO of the US announced in 2011 that the Federal Government would move to a "cloud-first" stance on all new information systems. Along with this came a push for a "standard" for the protection of data from loss. This standard became the FedRAMP program, providing a definition and accreditation process for cloud providers to show that they meet these data protection requirements.

FedRAMP not only provides a standard, but it allows agencies and contractors to know that they are meeting the data security requirements when they purchase services from cloud providers. 

The FedRAMP program publishes lists of certified cloud service providers at their website -


FedRAMP "Levels"

In addition to defining the security and management requirements to obtain FedRAMP certification, higher-levels of security are defined to help government agencies and their contractors better-protect your data. Along with the "FedRAMP" certification (which is actually "FedRAMP Low") there are is also a "FedRAMP Moderate" and a "FedRAMP High." These higher levels include higher restrictions on physical access, storage mechanisms for data and are assigned as requirements based on the likelihood that a loss of the data would result in an inconvenience, a work stoppage or even the loss of confidential information. There is no classified data stored in a FedRAMP-compliant data centers, since classified information is not stored on the public internet.

Cloud Service Providers (CSP)

The FedRAMP program defines the companies that manage and sell cloud services as CSPs. These include large companies, such as Amazon AWS, Google and Microsoft and smaller companies around the country that maintain high-levels of security. Most of these companies meet the requirements for these multiple levels and provide similar security classification naming. Microsoft, for instance, provides the Government Community Cloud (GCC), GCC High and GCC DoD (only available for DoD organizations; no contractors) that equate to FedRAMP Moderate, and FedRAMP High certifications. Microsoft's "Enterprise" services (such as Microsoft Office 365 Enterprise E3) already meet the FedRAMP Low requirements.


Making the Right Decision

Our team has helped contractors meet their compliance needs by pointing them to the right services and products that not only meet your needs, but fit your budget, as well. Our years of experience in working with small and medium-sized businesses make us uniquely qualified to partner with your team and guide you to the compliance you need.

Contact Us

Novation Systems is here to partner with you and help you meet your compliance needs. From Amazon, to Google, to Microsoft, we partner with the right company to help you. Contact Us to find out how we can work with you!