Sara Friedman

Sara Friedman joined Inside Cybersecurity in February 2020. Previously, she covered government IT for GCN and education technology for THE Journal and Campus Technology. She graduated from Ithaca College with bachelor’s degrees in journalism and politics.

Connections
Archived Articles
Daily News | August 29, 2022

The release of the Cyber Accreditation Body's Cybersecurity Maturity Model Certification assessment process guide is "premature" and could substantially increase costs for organizations seeking assessment, according to a large procurement association, which argues that it should be rescinded until the Defense Department completes its rulemaking process.

Daily News | August 22, 2022

A defense industry leader says the Defense Industrial Base Sector Coordinating Council's recent exercise on the Pentagon's Cybersecurity Maturity Model Certification program shows more work is necessary to determine how the department will classify controlled unclassified information and the required maturity level needed for defense suppliers in contracts.

Daily News | August 19, 2022

The Department of Homeland Security is moving forward with a final rule to set up security requirements for contractors handling sensitive data, submitting the rulemaking to the Office of Management and Budget for review.

Daily News | August 19, 2022

Creating resilient supply chains in the United States will depend on investments in manufacturing like those in the CHIPS and Science Act, which provides $52 billion to bolster semiconductor production, according to National Cyber Director Chris Inglis, who argued the traditional rip-and-replace approach won't work in the long term.

Daily News | August 12, 2022

Using managed service providers to help companies reach Cybersecurity Maturity Model Certification compliance should extend beyond the Defense Department by incorporating civilian agencies that also handle controlled unclassified information, according to a former General Services Administration senior official.

Daily News | July 28, 2022

The first official Cybersecurity Maturity Model Certification assessment starts Aug. 22 under the Pentagon's "joint surveillance voluntary program," where a certified third-party assessment organization will conduct the examination and report results to the Defense Contract Management Agency for final approval.

Daily News | July 28, 2022

Plans to update the National Institute of Standards and Technology's controlled unclassified information publications will depend on input gathered in a current pre-call for comments due in September, according to 800-171 series leader Victoria Pillitteri, who spoke at a July 27 summit focused on the Pentagon's Cybersecurity Maturity Model certification program.

Daily News | July 27, 2022

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has released the first "pre-decisional draft" of its CMMC assessment process guide, known as "the CAP," for public review and comment, going into detail on how organizations can obtain a certification from the planning phase to reporting results and addressing gaps.

Daily News | July 21, 2022

Senate Armed Services Committee leadership is asking the Government Accountability Office to "conduct an assessment on the incorporation of reciprocity" into the Pentagon's Cybersecurity Maturity Model Certification program, in the chamber's latest version of the fiscal year 2023 defense authorization bill.

Daily News | July 20, 2022

Cyber elements in the Senate version of the fiscal year 2023 defense authorization bill are mostly Defense Department-focused, including a provision to require contractors to submit a Software Bill of Materials, and new authorities for U.S. Cyber Command to play an active role in addressing critical infrastructure attacks by "foreign powers."

Daily News | July 20, 2022

The National Institute of Standards and Technology has issued a pre-draft call for comments on four publications that explain how to protect the confidentiality of sensitive government data held on nonfederal systems, which are critical to the Pentagon's Cybersecurity Maturity Model Certification program.

Daily News | July 5, 2022

The Defense Department is getting closer to finalizing details on the process for contractors to obtain a cyber certification ahead of the effort's formal launch in May 2023, which will include a memo from Pentagon officials to establish a "joint surveillance program" where assessment organizations and DOD officials work together to complete voluntary examinations.

The Insider | July 5, 2022

MxD, a public-private partnership funded by the Defense Department, has published a CMMC playbook to help manufacturing companies meet level one requirements in the Pentagon’s cyber certification program.

Daily News | June 30, 2022

The Pentagon is planning to issue a final rule in December establishing a regime for Defense Department acquisition officials to conduct assessments of a contractor's compliance with NIST Special Publication 800-171.

Daily News | June 29, 2022

Pentagon cyber chief David McKeown says there are ongoing discussions to create a "cyber secure framework" for the defense industrial base that will go beyond the CMMC program and be based on the NIST cybersecurity framework.

Daily News | June 29, 2022

The Pentagon's acquisition office has issued a memorandum reminding acquisition officials of the Defense Department's current standard for the handling of controlled unclassified information and potential remedies for non-compliance.

Daily News | June 23, 2022

The House Armed Services Committee has approved its version of the fiscal 2023 defense authorization bill, including provisions to create an “information collaboration environment” at CISA and directing DHS and CISA to provide details to Congress on cyber incident response responsibilities.

Daily News | June 17, 2022

The House Armed Services Committee is set to mark up an annual defense policy bill that includes creation of the "Cyber Threat Information Collaboration Environment Program," a reworked version of a Cyberspace Solarium Commission proposal viewed as an important component for government-industry interaction.

Daily News | June 8, 2022

The House Armed Services Committee will take the first steps today in considering cyber proposals for the fiscal year 2023 defense authorization bill, including requiring a congressional briefing from Pentagon officials on their cyber certification program and Software Bill of Materials efforts.

Daily News | June 7, 2022

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program announced a rebrand and new website today, aiming to align with the organization's future and offering new opportunities to bring CMMC to civilian agencies and international entities.

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.