Sara Friedman

Sara Friedman joined Inside Cybersecurity in February 2020. Previously, she covered government IT for GCN and education technology for THE Journal and Campus Technology. She graduated from Ithaca College with bachelor’s degrees in journalism and politics.

Archived Articles
Daily News | July 25, 2023

The program office behind the Pentagon's cyber certification program and civilian agencies are identifying issues over the use of "organization-defined parameters" in the latest draft update to NIST Special Publication 800-171, a foundational document on the handling of controlled unclassified information.

Daily News | July 25, 2023

Senate Homeland Security Committee Chairman Gary Peters (D-MI) and Sen. James Lankford (R-OK) have offered a package of cyber bills for inclusion in the fiscal year 2024 defense authorization bill, including legislation to reform the Federal Information Security Modernization Act and address other cyber priorities, as work continues this week to pass the Senate's version of the major defense policy bill.

Daily News | July 24, 2023

The Professional Services Council wants the National Institute of Standards and Technology to consider how to align NIST's foundational guidance on handling controlled unclassified information with other cyber procurement requirements, including the Pentagon's cyber certification program.

Daily News | July 12, 2023

The Senate Armed Services Committee's version of the fiscal year 2024 defense authorization bill includes measures on cyber incident information sharing and implementing guidance on "memory-safe software programming."

Daily News | July 6, 2023

Two large defense contractor associations see a disconnect between the Cybersecurity and Infrastructure Security Agency's draft common form for self-attesting the security of software from contractors and the document behind the upcoming new policy, the NIST Secure Software Development Framework.

Daily News | June 28, 2023

A new memorandum from the White House Office of Management and Budget and acting National Cyber Director Kemba Walden provides details on the Biden administration's fiscal year 2025 cyber priorities for agencies broken down by resourcing needs to meet the goals of the five pillars in the national cyber strategy.

Daily News | June 26, 2023

An updated version of the Pentagon's no-cost contract with its independent Cybersecurity Maturity Model Certification accreditation body shows the changes made to their relationship in response to DOD's revamp of its cyber certification program in 2021, according to the amended contract obtained by Inside Cybersecurity.

Daily News | June 23, 2023

Lawmakers have revealed their Defense Department cyber priorities for fiscal year 2024 in the House and Senate versions of the annual defense authorization bill, which were approved at the committee level in both chambers this week.

Daily News | June 14, 2023

The House Armed Services cyber subcommittee on Tuesday unanimously approved its portion of the fiscal year 2024 defense authorization bill, with members praising bipartisan work to develop the legislation and how it addresses threats from China.

Daily News | June 13, 2023

The House Armed Services Committee today kicks off a series of fiscal year 2024 defense authorization bill mark-ups, with the cyber subcommittee set to consider tech-focused measures including directing the Defense Department to develop an intellectual property strategy, moving the Defense Innovation Unit and studies on cyber initiatives.

Daily News | June 12, 2023

The Office of Management and Budget has issued a memorandum refining upcoming requirements for federal contractors that will self-attest to the security of their software, extending the deadline for compliance and adding policy conditions for addressing gaps in attestation.

Daily News | June 8, 2023

The Small Business Administration's Office of Advocacy will get a chance to provide feedback on the upcoming rulemaking to establish the Pentagon's cyber certification program before it is finalized, according to chief counsel Major Clark, who spoke with Inside Cybersecurity on how SBA is involved in the review process.

Daily News | May 12, 2023

The National Institute of Standards and Technology will hold a webinar on June 6 to provide an overview of changes in the first draft of revision three for Special Publication 800-171, a foundational document that guides how agencies set cyber policy for contractors on protecting sensitive federal data.

Daily News | May 10, 2023

The National Institute of Standards and Technology, in the first draft of Special Publication 800-171 Rev. 3, is proposing new security measures for organizations handling sensitive federal data that more closely align NIST's massive catalog of security and privacy controls and allow for more flexibility in assessing risk.

Daily News | May 9, 2023

More tech companies are interested in joining the defense industrial base, according to Ross Nodurft, who leads the public-sector-focused Alliance for Digital Innovation, but uncertainties over how much it will cost to comply with the upcoming Pentagon cyber certification program that has faced delays is a top concern.

The Insider | May 8, 2023

The National Defense Information Sharing and Analysis Center has published a supply chain handbook for small business manufacturing designed to help companies address "specific and common challenges" by offering use cases and ideas to address them.

Daily News | May 4, 2023

Steve Shirley, executive director of the National Defense Information Sharing and Analysis Center, sees an opportunity for the Defense Department and Cybersecurity and Infrastructure Security Agency to work together on incident reporting as the Pentagon starts to expand its voluntary information sharing program and CISA implements a regime for critical infrastructure.

Daily News | May 2, 2023

The Defense Department has issued a proposed rule to expand its Defense Industrial Base Cybersecurity information-sharing program to include more contractors who hold sensitive data for the services and DOD agencies, in response to an increased interest in wider community participation.

Daily News | April 27, 2023

SAN FRANCISCO -- Contracting attorney Robert Metzger offered two potential reasons behind why the Pentagon's process to issue a rulemaking implementing its Cybersecurity Maturity Model Certification program is delayed, following a panel discussion at an industry event here at the RSA conference.

Daily News | April 25, 2023

SAN FRANCISCO -- The Federal Acquisition Security Council completed a lot of work to make sure the process for issuing removal and exclusion orders for untrustworthy equipment on federal systems is deliberate and risk-based, according to National Institute of Standards and Technology supply chain leader Jon Boyens, who participated in a panel with leaders behind the Defense Department's cyber certification program.

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.