Sara Friedman

Sara Friedman joined Inside Cybersecurity in February 2020. Previously, she covered government IT for GCN and education technology for THE Journal and Campus Technology. She graduated from Ithaca College with bachelor’s degrees in journalism and politics.

Connections
Archived Articles
Daily News | May 9, 2022

The Pentagon's interest in enabling companies to reach Cybersecurity Maturity Model Certification compliance through FedRAMP-approved cloud offerings is generating conversations within Microsoft and managed service providers on how such an offering could work in practice.

Daily News | May 4, 2022

Cybersecurity Maturity Model Certification assessment organizations are waiting on several details to fall into place so they can start conducting official assessments for companies that want to compete for defense contracts, but stakeholders say uncertainty over rulemaking timing is not impacting demand from companies wanting to be early adopters.

Daily News | April 28, 2022

Cybersecurity Maturity Model Certification Accreditation Body CEO Matthew Travis says he expects the Defense Department in early August to allow official third-party assessments under the voluntary cybersecurity certification program, kicking off the start of an interim period where company certifications will be accepted when the CMMC requirements start showing up in contracts next year.

Daily News | April 25, 2022

The Defense Department is moving aggressively to implement zero-trust architectures across the services and agencies by the end of 2027, according to Pentagon cyber chief David McKeown, who says the move has been accelerated by President Biden's cyber executive order.

Daily News | April 21, 2022

The Defense Department is in the early stages of determining whether it can work with industry partners to develop cloud service offerings that can help contractors meet Cybersecurity Maturity Model Certification requirements, according to Pentagon cyber chief David McKeown.

Daily News | April 21, 2022

Two rulemakings to implement the Pentagon's Cybersecurity Maturity Model Certification program are expected in May 2023, according to CMMC Director Stacy Bostjanick, who says they could be followed by an additional rule to establish how reciprocity will work with international partners.

Daily News | April 15, 2022

The National Institute of Standards and Technology has added two new data formats intended to improve the usability of four publications that are foundational to the Pentagon's cyber certification program.

Daily News | April 14, 2022

The Pentagon will start the formal process in July to make regulatory changes to its Cybersecurity Maturity Model Certification program with the submission of a new rulemaking to the White House Office of Management and Budget for review, according to a Pentagon spokesman.

Daily News | April 13, 2022

The use of waivers for the Pentagon’s Cybersecurity Maturity Model Certification program will be determined based on the needs of acquisition officials for specific contracts, not the qualifications of a company bidding for contract selection, according to CMMC director Stacy Bostjanick.

Daily News | April 8, 2022

CMMC director Stacy Bostjanick says the Pentagon is planning to release the “interim rule” to implement its Cybersecurity Maturity Model Certification program by May 2023, with initial requirements showing up in DOD contracts 60 days after the rule publication.

Daily News | April 7, 2022

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program hopes to release in June a CMMC assessment process guide, or CAP, with guidance on remediating gaps and addressing reciprocity with other federal standards, according to CMMC-AB Chief Executive Officer Matthew Travis.

Daily News | March 31, 2022

The Defense Contract Management Agency is planning to evaluate information submitted by contractors on their compliance with NIST Special Publication 800-171 to get a better understanding of whether the defense industrial base is meeting the current standard for handling sensitive data.

Daily News | March 23, 2022

The Defense Department is looking into how to keep contractors who pass a Cybersecurity Maturity Model Certification assessment accountable for maintaining their systems during the three-year certification period, according to John Ellis of the Defense Contract Management Agency, who says DOD may add an "affirmation" mechanism for companies to assert their compliance each year.

Daily News | March 2, 2022

The Defense Department is moving forward with its plans to split cyber certification requirements for contractors into two separate rulemakings, focused on NIST Special Publication 800-171 and the Cybersecurity Maturity Model Certification program.

Daily News | February 28, 2022

Contractors conducting research and technology development for the Defense Department are failing to protect controlled unclassified information on their networks, according to a DOD inspector general report, which evaluated their compliance against the Pentagon's requirements for safeguarding sensitive data.

Daily News | February 24, 2022

The Defense Department recommends the creation of cyber supply chain risk management guidance for Pentagon acquisition purposes, in a new report examining challenges and gaps in the department's supply chain activities.

Daily News | February 24, 2022

Voluntary assessments under the Pentagon's Cybersecurity Maturity Model Certification program are expected to begin in the second quarter of fiscal year 2022, according to Matthew Travis, CEO of the CMMC Accreditation Body, who outlined details that must be ironed out with the Defense Department before the interim period launch can begin.

Daily News | February 18, 2022

The Defense Department is still considering whether to allow companies to self-attest their compliance with level two of its Cybersecurity Maturity Model Certification program, according to DOD cyber chief David McKeown, who provided additional detail on the Pentagon's plans to address controlled unclassified information at a meeting on Thursday.

Daily News | February 17, 2022

The office of the Defense Department chief information officer has formally established a zero-trust portfolio management office with a focus on developing shared services and providing orchestration for implementations developed by the uniformed services and agencies within the department, according to DOD cyber chief David McKeown.

Daily News | February 16, 2022

The two rulemakings to implement the Defense Department’s Cybersecurity Maturity Model Certification program are a work in progress, according to DOD cyber chief David McKeown, who says the Pentagon is continuing to develop its policies in areas such as incentives and how contractors will be allowed to fill gaps.

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.