Sara Friedman

Sara Friedman joined Inside Cybersecurity in February 2020. Previously, she covered government IT for GCN and education technology for THE Journal and Campus Technology. She graduated from Ithaca College with bachelor’s degrees in journalism and politics.

Archived Articles
Daily News | November 11, 2021

The evolution of the Defense Department's Cybersecurity Maturity Model Certification program reflects a response to concerns from the defense industrial base, according to attorneys, who said recent major changes show the Pentagon is taking into account pre-existing mechanisms for contractor compliance with cyber standards and is considering how the program can be implemented effectively.

Daily News | November 10, 2021

Cyber leaders at the Defense Department provided an overview of key changes to their Cybersecurity Maturity Model Certification program, CMMC 2.0, at a "Town Hall" on Tuesday with details on upcoming rulemaking processes and how the effort will allow for more public engagement.

Daily News | November 5, 2021

The Defense Department is making changes to the oversight of its independent accreditation body as part of an update to the Cybersecurity Maturity Model Certification program, dubbed "CMMC 2.0," triggering new negotiations of the current no-cost contract between the two entities.

Daily News | October 19, 2021

An examination of the Pentagon’s cyber certification program is moving into a new phase with the internal review of the initiative complete, according to sources, who say recommendations are currently under consideration by DOD leadership.

Daily News | October 1, 2021

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has approved the first content created by a third-party partner publisher that will be used to teach assessors as part of the CMMC official assessor training program.

Daily News | September 28, 2021

A new industry advisory council for the Pentagon’s Cybersecurity Maturity Model Certification program is determining “rules of the road” for its work and “scope” of operations, according to council chair Yong-Gon Chon, who says early efforts have focused on evaluating “practice effectiveness” for controls in the CMMC model and examining small business issues.

Daily News | September 21, 2021

The National Defense Industrial Association has released a white paper urging the Pentagon to provide more clarity on the requirements contractors must meet to reach compliance with DOD’s cyber certification program, and to make other changes to help companies meet the program’s objectives.

Daily News | September 16, 2021

The Defense Department is not planning to release the final rule cementing the implementation of its Cybersecurity Maturity Model Certification program in September, due to an ongoing internal review expected to conclude toward the end of 2021.

The Insider | September 16, 2021

Leaders from the House Small Business oversight subcommittee are working to get an amendment into the fiscal year 2022 defense authorization bill that would direct the Pentagon to assess the small business impacts of the Defense Department's Cybersecurity Maturity Model Certification program.

Daily News | September 10, 2021

The Defense Department needs to become more transparent over its work on the Cybersecurity Maturity Model Certification program, according to an industry letter to Pentagon leaders raising concerns over a lack of communication and other issues.

Daily News | September 9, 2021

The Defense Contract Management Agency's process to conduct assessments for the Pentagon's Cybersecurity Maturity Model Certification program is adapting to meet the needs of stakeholders, according to Defense Department official John Ellis who provided an overview to Inside Cybersecurity on lessons learned in recent months.

Daily News | September 2, 2021

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has established new processes to speed the authorization of assessment organizations that want to become part of the CMMC ecosystem.

Daily News | September 1, 2021

Ellen Lord, former chief of the Pentagon's acquisition office, says the Cybersecurity Maturity Model Certification program should move forward with a focus on incorporating improvements as it develops, while the Biden administration needs to help the effort by appointing her replacement.

Daily News | August 13, 2021

The Cyberspace Solarium Commission's latest report focuses on setting up the body's recommendations for "sustained success," according to commission senior director Robert Morgus, who explained key priorities including the creation of a Bureau of Cyber Statistics and obtaining appropriations for other efforts at a Thursday event.

Daily News | August 6, 2021

Industry officials are frustrated by the Biden administration's pace for nominating and appointing key Defense Department positions such as under secretary for acquisition and sustainment, arguing the vacancies will likely slow regulatory and policy decisions for the Pentagon's cybersecurity certification program.

Daily News | July 29, 2021

The Cybersecurity Maturity Model Certification Accreditation Body is formalizing plans to launch the official program that will establish a pathway for assessors to become certified and expects classes to start in November, according to CMMC-AB training lead Melanie Kyle Gingrich.

The Insider | July 27, 2021

Former Pentagon leaders are urging the Defense Department to consider how the zero-trust concept could be used to strengthen technological security across the department, in a new report from a leading defense association.

Daily News | July 27, 2021

The Defense Department's work to complete the final rule for its cyber certification program has hit a snag in the review process, as officials work to provide a draft report to a key DOD regulations council.

Daily News | July 19, 2021

U.S. officials today attributed the Microsoft Exchange hack to Chinese entities as part of a coordinated effort by the Justice and State departments, Cybersecurity and Infrastructure Security Agency, intelligence agencies and international allies to detail how Chinese state-backed actors were able to infiltrate U.S. networks over the past few years and begin imposing consequences.

Daily News | July 12, 2021

Stakeholders watching the Pentagon's cyber certification program say they see an opportunity for reciprocity in a section of a May cyber executive order that calls for the modernization of a separate civilian agency certification program dedicated to authorizing services for government use from cloud service providers.

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.