Sara Friedman

Sara Friedman joined Inside Cybersecurity in February 2020. Previously, she covered government IT for GCN and education technology for THE Journal and Campus Technology. She graduated from Ithaca College with bachelor’s degrees in journalism and politics.

Connections
Archived Articles
Daily News | December 7, 2022

Defense contractors are having trouble complying with current cyber standards put in place in 2017, according to a recent industry survey, which puts a spotlight on the defense industrial base preparedness for the Cybersecurity Maturity Model Certification program.

Daily News | December 6, 2022

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program is touting its progress over the past year in growing the CMMC ecosystem, while noting the number of consultants registered with the non-profit has declined due to ongoing work at the Defense Department to finalize regulations and kick off the formal program.

Daily News | November 29, 2022

A coalition of industry groups is pushing for Senate Armed Services Committee leadership to drop an amendment from the fiscal year 2023 defense authorization bill that would extend the current ban on federal contractors using equipment and services from Huawei and ZTE to include three Chinese semiconductor companies.

Daily News | November 28, 2022

A coalition of industry groups is urging congressional leaders to remove a provision in the Senate version of the fiscal year 2023 defense authorization bill that would direct the Defense Department to require a Software Bill of Materials from defense contractors.

Daily News | November 15, 2022

A new report from the Government Accountability Office finds significant deficiencies in how the Pentagon collects and uses cyber incident reporting data from the defense industrial base required under Defense Department policy.

Daily News | November 11, 2022

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence is revealing details for an upcoming project on securing the software supply chain using a DevSecOps implementation approach.

Daily News | November 10, 2022

Cybersecurity Maturity Model Certification program Director Stacy Bostjanick urged defense companies to get prepared for assessment under the CMMC effort, as the process to finalize version 2.0 changes gets closer to fruition.

Daily News | October 27, 2022

Defense contractors should not wait until the launch of the Cybersecurity Maturity Model Certification program to reach compliance with the Pentagon's cyber standard for handling of controlled unclassified information, according to Defense Department officials.

Daily News | October 21, 2022

The Pentagon's upcoming zero-trust strategy will look at implementation across the Defense Department's "enterprise," according to Microsoft Federal Security Chief Technology Officer Steve Faehl, which he says differs from the approach on the civilian side of government and allows for increased coordination among the military services.

Daily News | October 18, 2022

BSA-The Software Alliance wants the House and Senate to sort out diverging proposals on Software Bill of Materials contained each in chamber's version of this year's annual defense policy bill, and calls for an approach that goes across government rather than focusing just on the Homeland Security or Defense departments.

Daily News | October 6, 2022

The National Institute of Standards and Technology's update to the Special Publication 800-171 series should include guidance on Software Bill of Materials in regards to how contractors are handling the use of controlled unclassified information held on nonfederal systems, according to recent feedback from the Defense Department and the National Security Agency.

Daily News | October 3, 2022

CTIA, a telecom group advocating for wireless providers, is urging the National Institute of Standards and Technology to align updates to the controlled unclassified information series to the Pentagon's Cybersecurity Maturity Model Certification program, demonstrating support for an initiative that's typically the focus of defense and tech sector stakeholders.

Daily News | September 28, 2022

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has formally started to spin off its work to certify assessors and build training with licensed providers into an independent business unit, as required by the organization’s no-cost contract signed in 2020 with the Defense Department.

Daily News | September 27, 2022

The Information Technology Industry Council is offering ways the National Institute of Standards and Technology can work with other agencies to smooth the path toward reciprocity on the handling of sensitive federal data held on contractor systems, as NIST starts the update process to revise key publications.

Daily News | September 26, 2022

Two large defense groups are urging NIST to consider how to align its four-part publication series on controlled unclassified information to other frameworks, while also suggesting potential changes related to the Pentagon's Cybersecurity Maturity Model Certification program.

Daily News | September 23, 2022

Lawmakers are preparing to make changes to the "systemically important entities" proposal in the House version of the fiscal year 2023 defense authorization bill when it comes to the Senate floor for a vote next month, according to Cyberspace Solarium Commission leaders who responded to significant industry criticism at a recent event.

Daily News | September 23, 2022

The Cyberspace Solarium Commission has released its second annual report evaluating how Congress, agencies and the White House are implementing recommendations from the 2020 landmark report and subsequent white papers on important cyber topics.

Daily News | September 16, 2022

The Defense and Justice departments are urging the Federal Communications Commission to move forward with work to secure the Border Gateway Protocol in a new filing, which explains associated national security risks and argues against using a voluntary approach to address vulnerabilities.

Daily News | August 31, 2022

The Cybersecurity Maturity Model Certification Accreditation Body CEO Matthew Travis says he plans to update the CMMC assessment process guide, known as "the CAP," as more details come out from the Defense Department and partners at the National Institute of Standards and Technology on their plans for managed service providers and addressing reciprocity.

Daily News | August 30, 2022

The National Defense Industrial Association is seeking clarity from the accreditation body behind the Pentagon's cyber certification program on how managed service providers can be used to help companies reach compliance and address reciprocity.

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.