Sara Friedman

Sara Friedman joined Inside Cybersecurity in February 2020. Previously, she covered government IT for GCN and education technology for THE Journal and Campus Technology. She graduated from Ithaca College with bachelor’s degrees in journalism and politics.

Connections
Archived Articles
Daily News | June 28, 2023

A new memorandum from the White House Office of Management and Budget and acting National Cyber Director Kemba Walden provides details on the Biden administration's fiscal year 2025 cyber priorities for agencies broken down by resourcing needs to meet the goals of the five pillars in the national cyber strategy.

Daily News | June 26, 2023

An updated version of the Pentagon's no-cost contract with its independent Cybersecurity Maturity Model Certification accreditation body shows the changes made to their relationship in response to DOD's revamp of its cyber certification program in 2021, according to the amended contract obtained by Inside Cybersecurity.

Daily News | June 23, 2023

Lawmakers have revealed their Defense Department cyber priorities for fiscal year 2024 in the House and Senate versions of the annual defense authorization bill, which were approved at the committee level in both chambers this week.

Daily News | June 14, 2023

The House Armed Services cyber subcommittee on Tuesday unanimously approved its portion of the fiscal year 2024 defense authorization bill, with members praising bipartisan work to develop the legislation and how it addresses threats from China.

Daily News | June 13, 2023

The House Armed Services Committee today kicks off a series of fiscal year 2024 defense authorization bill mark-ups, with the cyber subcommittee set to consider tech-focused measures including directing the Defense Department to develop an intellectual property strategy, moving the Defense Innovation Unit and studies on cyber initiatives.

Daily News | June 12, 2023

The Office of Management and Budget has issued a memorandum refining upcoming requirements for federal contractors that will self-attest to the security of their software, extending the deadline for compliance and adding policy conditions for addressing gaps in attestation.

Daily News | June 8, 2023

The Small Business Administration's Office of Advocacy will get a chance to provide feedback on the upcoming rulemaking to establish the Pentagon's cyber certification program before it is finalized, according to chief counsel Major Clark, who spoke with Inside Cybersecurity on how SBA is involved in the review process.

Daily News | May 12, 2023

The National Institute of Standards and Technology will hold a webinar on June 6 to provide an overview of changes in the first draft of revision three for Special Publication 800-171, a foundational document that guides how agencies set cyber policy for contractors on protecting sensitive federal data.

Daily News | May 10, 2023

The National Institute of Standards and Technology, in the first draft of Special Publication 800-171 Rev. 3, is proposing new security measures for organizations handling sensitive federal data that more closely align NIST's massive catalog of security and privacy controls and allow for more flexibility in assessing risk.

Daily News | May 9, 2023

More tech companies are interested in joining the defense industrial base, according to Ross Nodurft, who leads the public-sector-focused Alliance for Digital Innovation, but uncertainties over how much it will cost to comply with the upcoming Pentagon cyber certification program that has faced delays is a top concern.

The Insider | May 8, 2023

The National Defense Information Sharing and Analysis Center has published a supply chain handbook for small business manufacturing designed to help companies address "specific and common challenges" by offering use cases and ideas to address them.

Daily News | May 4, 2023

Steve Shirley, executive director of the National Defense Information Sharing and Analysis Center, sees an opportunity for the Defense Department and Cybersecurity and Infrastructure Security Agency to work together on incident reporting as the Pentagon starts to expand its voluntary information sharing program and CISA implements a regime for critical infrastructure.

Daily News | May 2, 2023

The Defense Department has issued a proposed rule to expand its Defense Industrial Base Cybersecurity information-sharing program to include more contractors who hold sensitive data for the services and DOD agencies, in response to an increased interest in wider community participation.

Daily News | April 27, 2023

SAN FRANCISCO -- Contracting attorney Robert Metzger offered two potential reasons behind why the Pentagon's process to issue a rulemaking implementing its Cybersecurity Maturity Model Certification program is delayed, following a panel discussion at an industry event here at the RSA conference.

Daily News | April 25, 2023

SAN FRANCISCO -- The Federal Acquisition Security Council completed a lot of work to make sure the process for issuing removal and exclusion orders for untrustworthy equipment on federal systems is deliberate and risk-based, according to National Institute of Standards and Technology supply chain leader Jon Boyens, who participated in a panel with leaders behind the Defense Department's cyber certification program.

The Insider | April 21, 2023

The annual RSA conference in San Francisco kicks off Monday with a focus this year on the national cyber strategy, operational collaboration, hardware and software security and more in keynote sessions and panels running through Thursday.

Daily News | April 13, 2023

The Aerospace Industries Association is urging its members to achieve the current cyber requirements in defense contracts regarding National Institute of Standards and Technology Special Publication 800-171 and accompanying documentation as uncertainty continues over when the Pentagon's Cybersecurity Maturity Model Certification program will launch.

Daily News | April 5, 2023

Stacy Bostjanick, chief of defense industrial base cybersecurity, says industry should expect to see a rulemaking in June that will expand the Pentagon's incident reporting program for companies who currently have a defense contract to the wider defense industrial base that handles controlled unclassified information.

Daily News | March 30, 2023

DOD Chief Information Officer John Sherman assured lawmakers at a Thursday hearing on the rollout of the Cybersecurity Maturity Model Certification program, acknowledging it has faced delays following an internal review while committing that it will be carried out successfully.

Daily News | March 23, 2023

The Defense Department has finalized a rulemaking to revise the use of its supplier risk system platform for acquisition officials when evaluating bids for contracts, making a move that stakeholders see as a precursor for the Pentagon's Cybersecurity Maturity Model Certification program becoming part of the formal acquisition process.

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.