Sara Friedman

Sara Friedman joined Inside Cybersecurity in February 2020. Previously, she covered government IT for GCN and education technology for THE Journal and Campus Technology. She graduated from Ithaca College with bachelor’s degrees in journalism and politics.

Connections
Archived Articles
Daily News | January 10, 2023

Full implementation of the Pentagon's Cybersecurity Maturity Model Certification program for defense contractors will likely shift to 2024 based on revised estimates from the Defense Department in the fall 2022 unified agenda, which indicates two proposed rules are expected for release in the coming months.

Daily News | January 5, 2023

Multiple agencies are expected to act on incident reporting requirements in the new year as work to digest industry feedback continues at the Securities and Exchange Commission and Cybersecurity and Infrastructure Security Agency, while changes to federal acquisition regulations from the 2021 cyber executive order are coming along with the release of the long-awaited national cyber strategy.

Daily News | December 21, 2022

The Pentagon is planning to submit the first rulemaking under its cyber certification program in January for review by the White House Office of Management and Budget, according to a Defense Department spokeswoman, shifting the official launch timeframe farther down the road than previously expected.

Daily News | December 16, 2022

A recent guide from the National Defense Information Sharing and Analysis Center is designed to assist small and medium-size businesses with choosing a managed service provider to help reach compliance with the Pentagon's Cybersecurity Maturity Model Certification program.

Daily News | December 7, 2022

Defense contractors are having trouble complying with current cyber standards put in place in 2017, according to a recent industry survey, which puts a spotlight on the defense industrial base preparedness for the Cybersecurity Maturity Model Certification program.

Daily News | December 6, 2022

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program is touting its progress over the past year in growing the CMMC ecosystem, while noting the number of consultants registered with the non-profit has declined due to ongoing work at the Defense Department to finalize regulations and kick off the formal program.

Daily News | November 29, 2022

A coalition of industry groups is pushing for Senate Armed Services Committee leadership to drop an amendment from the fiscal year 2023 defense authorization bill that would extend the current ban on federal contractors using equipment and services from Huawei and ZTE to include three Chinese semiconductor companies.

Daily News | November 28, 2022

A coalition of industry groups is urging congressional leaders to remove a provision in the Senate version of the fiscal year 2023 defense authorization bill that would direct the Defense Department to require a Software Bill of Materials from defense contractors.

Daily News | November 15, 2022

A new report from the Government Accountability Office finds significant deficiencies in how the Pentagon collects and uses cyber incident reporting data from the defense industrial base required under Defense Department policy.

Daily News | November 11, 2022

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence is revealing details for an upcoming project on securing the software supply chain using a DevSecOps implementation approach.

Daily News | November 10, 2022

Cybersecurity Maturity Model Certification program Director Stacy Bostjanick urged defense companies to get prepared for assessment under the CMMC effort, as the process to finalize version 2.0 changes gets closer to fruition.

Daily News | October 27, 2022

Defense contractors should not wait until the launch of the Cybersecurity Maturity Model Certification program to reach compliance with the Pentagon's cyber standard for handling of controlled unclassified information, according to Defense Department officials.

Daily News | October 21, 2022

The Pentagon's upcoming zero-trust strategy will look at implementation across the Defense Department's "enterprise," according to Microsoft Federal Security Chief Technology Officer Steve Faehl, which he says differs from the approach on the civilian side of government and allows for increased coordination among the military services.

Daily News | October 18, 2022

BSA-The Software Alliance wants the House and Senate to sort out diverging proposals on Software Bill of Materials contained each in chamber's version of this year's annual defense policy bill, and calls for an approach that goes across government rather than focusing just on the Homeland Security or Defense departments.

Daily News | October 6, 2022

The National Institute of Standards and Technology's update to the Special Publication 800-171 series should include guidance on Software Bill of Materials in regards to how contractors are handling the use of controlled unclassified information held on nonfederal systems, according to recent feedback from the Defense Department and the National Security Agency.

Daily News | October 3, 2022

CTIA, a telecom group advocating for wireless providers, is urging the National Institute of Standards and Technology to align updates to the controlled unclassified information series to the Pentagon's Cybersecurity Maturity Model Certification program, demonstrating support for an initiative that's typically the focus of defense and tech sector stakeholders.

Daily News | September 28, 2022

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has formally started to spin off its work to certify assessors and build training with licensed providers into an independent business unit, as required by the organization’s no-cost contract signed in 2020 with the Defense Department.

Daily News | September 27, 2022

The Information Technology Industry Council is offering ways the National Institute of Standards and Technology can work with other agencies to smooth the path toward reciprocity on the handling of sensitive federal data held on contractor systems, as NIST starts the update process to revise key publications.

Daily News | September 26, 2022

Two large defense groups are urging NIST to consider how to align its four-part publication series on controlled unclassified information to other frameworks, while also suggesting potential changes related to the Pentagon's Cybersecurity Maturity Model Certification program.

Daily News | September 23, 2022

Lawmakers are preparing to make changes to the "systemically important entities" proposal in the House version of the fiscal year 2023 defense authorization bill when it comes to the Senate floor for a vote next month, according to Cyberspace Solarium Commission leaders who responded to significant industry criticism at a recent event.

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.