Sara Friedman

Sara Friedman joined Inside Cybersecurity in February 2020. Previously, she covered government IT for GCN and education technology for THE Journal and Campus Technology. She graduated from Ithaca College with bachelor’s degrees in journalism and politics.

Connections
Archived Articles
Daily News | October 3, 2022

CTIA, a telecom group advocating for wireless providers, is urging the National Institute of Standards and Technology to align updates to the controlled unclassified information series to the Pentagon's Cybersecurity Maturity Model Certification program, demonstrating support for an initiative that's typically the focus of defense and tech sector stakeholders.

Daily News | September 28, 2022

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has formally started to spin off its work to certify assessors and build training with licensed providers into an independent business unit, as required by the organization’s no-cost contract signed in 2020 with the Defense Department.

Daily News | September 27, 2022

The Information Technology Industry Council is offering ways the National Institute of Standards and Technology can work with other agencies to smooth the path toward reciprocity on the handling of sensitive federal data held on contractor systems, as NIST starts the update process to revise key publications.

Daily News | September 26, 2022

Two large defense groups are urging NIST to consider how to align its four-part publication series on controlled unclassified information to other frameworks, while also suggesting potential changes related to the Pentagon's Cybersecurity Maturity Model Certification program.

Daily News | September 23, 2022

Lawmakers are preparing to make changes to the "systemically important entities" proposal in the House version of the fiscal year 2023 defense authorization bill when it comes to the Senate floor for a vote next month, according to Cyberspace Solarium Commission leaders who responded to significant industry criticism at a recent event.

Daily News | September 23, 2022

The Cyberspace Solarium Commission has released its second annual report evaluating how Congress, agencies and the White House are implementing recommendations from the 2020 landmark report and subsequent white papers on important cyber topics.

Daily News | September 16, 2022

The Defense and Justice departments are urging the Federal Communications Commission to move forward with work to secure the Border Gateway Protocol in a new filing, which explains associated national security risks and argues against using a voluntary approach to address vulnerabilities.

Daily News | August 31, 2022

The Cybersecurity Maturity Model Certification Accreditation Body CEO Matthew Travis says he plans to update the CMMC assessment process guide, known as "the CAP," as more details come out from the Defense Department and partners at the National Institute of Standards and Technology on their plans for managed service providers and addressing reciprocity.

Daily News | August 30, 2022

The National Defense Industrial Association is seeking clarity from the accreditation body behind the Pentagon's cyber certification program on how managed service providers can be used to help companies reach compliance and address reciprocity.

Daily News | August 30, 2022

Defense Department and NIST initiatives aimed at small businesses are playing a part in helping companies prepare for the Pentagon's Cybersecurity Maturity Model Certification program, according to CyberRx CEO Ola Sage, a leading advocate on SMB cyber issues.

Daily News | August 29, 2022

The release of the Cyber Accreditation Body's Cybersecurity Maturity Model Certification assessment process guide is "premature" and could substantially increase costs for organizations seeking assessment, according to a large procurement association, which argues that it should be rescinded until the Defense Department completes its rulemaking process.

Daily News | August 22, 2022

A defense industry leader says the Defense Industrial Base Sector Coordinating Council's recent exercise on the Pentagon's Cybersecurity Maturity Model Certification program shows more work is necessary to determine how the department will classify controlled unclassified information and the required maturity level needed for defense suppliers in contracts.

Daily News | August 19, 2022

The Department of Homeland Security is moving forward with a final rule to set up security requirements for contractors handling sensitive data, submitting the rulemaking to the Office of Management and Budget for review.

Daily News | August 19, 2022

Creating resilient supply chains in the United States will depend on investments in manufacturing like those in the CHIPS and Science Act, which provides $52 billion to bolster semiconductor production, according to National Cyber Director Chris Inglis, who argued the traditional rip-and-replace approach won't work in the long term.

Daily News | August 12, 2022

Using managed service providers to help companies reach Cybersecurity Maturity Model Certification compliance should extend beyond the Defense Department by incorporating civilian agencies that also handle controlled unclassified information, according to a former General Services Administration senior official.

Daily News | July 28, 2022

The first official Cybersecurity Maturity Model Certification assessment starts Aug. 22 under the Pentagon's "joint surveillance voluntary program," where a certified third-party assessment organization will conduct the examination and report results to the Defense Contract Management Agency for final approval.

Daily News | July 28, 2022

Plans to update the National Institute of Standards and Technology's controlled unclassified information publications will depend on input gathered in a current pre-call for comments due in September, according to 800-171 series leader Victoria Pillitteri, who spoke at a July 27 summit focused on the Pentagon's Cybersecurity Maturity Model certification program.

Daily News | July 27, 2022

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has released the first "pre-decisional draft" of its CMMC assessment process guide, known as "the CAP," for public review and comment, going into detail on how organizations can obtain a certification from the planning phase to reporting results and addressing gaps.

Daily News | July 21, 2022

Senate Armed Services Committee leadership is asking the Government Accountability Office to "conduct an assessment on the incorporation of reciprocity" into the Pentagon's Cybersecurity Maturity Model Certification program, in the chamber's latest version of the fiscal year 2023 defense authorization bill.

Daily News | July 20, 2022

Cyber elements in the Senate version of the fiscal year 2023 defense authorization bill are mostly Defense Department-focused, including a provision to require contractors to submit a Software Bill of Materials, and new authorities for U.S. Cyber Command to play an active role in addressing critical infrastructure attacks by "foreign powers."

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.