Sara Friedman

Sara Friedman joined Inside Cybersecurity in February 2020. Previously, she covered government IT for GCN and education technology for THE Journal and Campus Technology. She graduated from Ithaca College with bachelor’s degrees in journalism and politics.

Archived Articles
Daily News | September 9, 2021

The Defense Contract Management Agency's process to conduct assessments for the Pentagon's Cybersecurity Maturity Model Certification program is adapting to meet the needs of stakeholders, according to Defense Department official John Ellis who provided an overview to Inside Cybersecurity on lessons learned in recent months.

Daily News | September 2, 2021

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has established new processes to speed the authorization of assessment organizations that want to become part of the CMMC ecosystem.

Daily News | September 1, 2021

Ellen Lord, former chief of the Pentagon's acquisition office, says the Cybersecurity Maturity Model Certification program should move forward with a focus on incorporating improvements as it develops, while the Biden administration needs to help the effort by appointing her replacement.

Daily News | August 13, 2021

The Cyberspace Solarium Commission's latest report focuses on setting up the body's recommendations for "sustained success," according to commission senior director Robert Morgus, who explained key priorities including the creation of a Bureau of Cyber Statistics and obtaining appropriations for other efforts at a Thursday event.

Daily News | August 6, 2021

Industry officials are frustrated by the Biden administration's pace for nominating and appointing key Defense Department positions such as under secretary for acquisition and sustainment, arguing the vacancies will likely slow regulatory and policy decisions for the Pentagon's cybersecurity certification program.

Daily News | July 29, 2021

The Cybersecurity Maturity Model Certification Accreditation Body is formalizing plans to launch the official program that will establish a pathway for assessors to become certified and expects classes to start in November, according to CMMC-AB training lead Melanie Kyle Gingrich.

The Insider | July 27, 2021

Former Pentagon leaders are urging the Defense Department to consider how the zero-trust concept could be used to strengthen technological security across the department, in a new report from a leading defense association.

Daily News | July 27, 2021

The Defense Department's work to complete the final rule for its cyber certification program has hit a snag in the review process, as officials work to provide a draft report to a key DOD regulations council.

Daily News | July 19, 2021

U.S. officials today attributed the Microsoft Exchange hack to Chinese entities as part of a coordinated effort by the Justice and State departments, Cybersecurity and Infrastructure Security Agency, intelligence agencies and international allies to detail how Chinese state-backed actors were able to infiltrate U.S. networks over the past few years and begin imposing consequences.

Daily News | July 12, 2021

Stakeholders watching the Pentagon's cyber certification program say they see an opportunity for reciprocity in a section of a May cyber executive order that calls for the modernization of a separate civilian agency certification program dedicated to authorizing services for government use from cloud service providers.

Daily News | July 2, 2021

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program is moving quickly to get the first assessment organizations prepared to conduct audits, according to CMMC-AB CEO Matthew Travis, who says he understands industry concerns over delays and how to scale the program under the initial timeline set by the Defense Department.

Daily News | June 29, 2021

Microsoft is working to provide documentation for its managed security service provider partners and cloud users who want to get ready for assessment under the Pentagon's Cybersecurity Maturity Model Certification program, according to a company executive.

Daily News | June 23, 2021

The internal review of the Defense Department's Cybersecurity Maturity Model Certification program is aimed at helping small businesses meet the department's objectives for cyber readiness, while also making potential policy changes to clarify implementation, according to Pentagon industrial policy leader Jesse Salazar.

Daily News | June 17, 2021

Cybersecurity Maturity Model Certification Accreditation Body board Chairman Karlton Johnson says his organization is not slowing down its activities in support of the Defense Department's cyber certification program, and denied reports that the CMMC-AB is taking a "strategic pause" during ongoing governmental reviews of the program.

The Insider | June 17, 2021

The Defense Department expects to issue the final rule to implement its Cybersecurity Maturity Model Certification program in September, according to a recent update from the Office of Management and Budget.

Daily News | June 10, 2021

The first authorized, certified third-party assessment organization has entered the marketplace to conduct official audits for defense contractors who want to become certified under the Pentagon's Cybersecurity Maturity Model Certification program.

Daily News | June 10, 2021

The independent accreditation body behind the Defense Department's Cybersecurity Maturity Model Certification program is looking for an individual to serve as "Director of Security and Compliance," a new position created to liaise with the Pentagon on security matters and the latest move by the accreditation authority to transition to a full-time professional staff.

The Insider | June 2, 2021

The Intelligence and National Security Alliance says a proposed Defense Department cyber threat hunting program should include liability protections for defense industrial base companies and support to help small businesses participate.

Daily News | May 24, 2021

Final regulations for the Pentagon's cyber certification program are expected in the fall with potentially substantial policy and structural changes, says contracting attorney Robert Metzger, who suggests adjustments to the interim final rule make sense given the intense scrutiny on the program and leadership changes at DOD.

The Insider | May 21, 2021

The National Security Agency is taking up its mandate to establish capabilities for robust information sharing between industry and government as part of the Biden executive order designed to bolster the security of federal networks and strengthen relationships with industry.

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.