Saturday, April 20, 2024
A new report from the Government Accountability Office finds significant deficiencies in how the Pentagon collects and uses cyber incident reporting data from the defense industrial base required under Defense Department policy.
The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence is revealing details for an upcoming project on securing the software supply chain using a DevSecOps implementation approach.
Cybersecurity Maturity Model Certification program Director Stacy Bostjanick urged defense companies to get prepared for assessment under the CMMC effort, as the process to finalize version 2.0 changes gets closer to fruition.
Defense contractors should not wait until the launch of the Cybersecurity Maturity Model Certification program to reach compliance with the Pentagon's cyber standard for handling of controlled unclassified information, according to Defense Department officials.
The Pentagon's upcoming zero-trust strategy will look at implementation across the Defense Department's "enterprise," according to Microsoft Federal Security Chief Technology Officer Steve Faehl, which he says differs from the approach on the civilian side of government and allows for increased coordination among the military services.
BSA-The Software Alliance wants the House and Senate to sort out diverging proposals on Software Bill of Materials contained each in chamber's version of this year's annual defense policy bill, and calls for an approach that goes across government rather than focusing just on the Homeland Security or Defense departments.
The National Institute of Standards and Technology's update to the Special Publication 800-171 series should include guidance on Software Bill of Materials in regards to how contractors are handling the use of controlled unclassified information held on nonfederal systems, according to recent feedback from the Defense Department and the National Security Agency.
CTIA, a telecom group advocating for wireless providers, is urging the National Institute of Standards and Technology to align updates to the controlled unclassified information series to the Pentagon's Cybersecurity Maturity Model Certification program, demonstrating support for an initiative that's typically the focus of defense and tech sector stakeholders.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has formally started to spin off its work to certify assessors and build training with licensed providers into an independent business unit, as required by the organization’s no-cost contract signed in 2020 with the Defense Department.
The Information Technology Industry Council is offering ways the National Institute of Standards and Technology can work with other agencies to smooth the path toward reciprocity on the handling of sensitive federal data held on contractor systems, as NIST starts the update process to revise key publications.
Two large defense groups are urging NIST to consider how to align its four-part publication series on controlled unclassified information to other frameworks, while also suggesting potential changes related to the Pentagon's Cybersecurity Maturity Model Certification program.
Lawmakers are preparing to make changes to the "systemically important entities" proposal in the House version of the fiscal year 2023 defense authorization bill when it comes to the Senate floor for a vote next month, according to Cyberspace Solarium Commission leaders who responded to significant industry criticism at a recent event.
The Cyberspace Solarium Commission has released its second annual report evaluating how Congress, agencies and the White House are implementing recommendations from the 2020 landmark report and subsequent white papers on important cyber topics.
The Defense and Justice departments are urging the Federal Communications Commission to move forward with work to secure the Border Gateway Protocol in a new filing, which explains associated national security risks and argues against using a voluntary approach to address vulnerabilities.
The Cybersecurity Maturity Model Certification Accreditation Body CEO Matthew Travis says he plans to update the CMMC assessment process guide, known as "the CAP," as more details come out from the Defense Department and partners at the National Institute of Standards and Technology on their plans for managed service providers and addressing reciprocity.
The National Defense Industrial Association is seeking clarity from the accreditation body behind the Pentagon's cyber certification program on how managed service providers can be used to help companies reach compliance and address reciprocity.
Defense Department and NIST initiatives aimed at small businesses are playing a part in helping companies prepare for the Pentagon's Cybersecurity Maturity Model Certification program, according to CyberRx CEO Ola Sage, a leading advocate on SMB cyber issues.
The release of the Cyber Accreditation Body's Cybersecurity Maturity Model Certification assessment process guide is "premature" and could substantially increase costs for organizations seeking assessment, according to a large procurement association, which argues that it should be rescinded until the Defense Department completes its rulemaking process.
A defense industry leader says the Defense Industrial Base Sector Coordinating Council's recent exercise on the Pentagon's Cybersecurity Maturity Model Certification program shows more work is necessary to determine how the department will classify controlled unclassified information and the required maturity level needed for defense suppliers in contracts.
The Department of Homeland Security is moving forward with a final rule to set up security requirements for contractors handling sensitive data, submitting the rulemaking to the Office of Management and Budget for review.