Sara Friedman

Sara Friedman joined Inside Cybersecurity in February 2020. Previously, she covered government IT for GCN and education technology for THE Journal and Campus Technology. She graduated from Ithaca College with bachelor’s degrees in journalism and politics.

Connections
Archived Articles
Daily News | February 2, 2023

Matthew Travis, CEO of the accreditation body behind the CMMC program, says he is encouraged by the Pentagon's "commitment" to move forward with establishing a cyber certification initiative for defense contractors, despite a potential shift in the rulemaking timeline.

Daily News | January 30, 2023

The accreditation body behind the Pentagon's cyber certification program has published a detailed spreadsheet outlining comments from stakeholders on the group's first assessment process guide.

Daily News | January 23, 2023

Companies should continue preparing for the launch of the Pentagon's Cybersecurity Maturity Model Certification program as the process to finalize rulemaking continues, according to program director Stacy Bostjanick, who spoke with Inside Cybersecurity in a wide-ranging interview.

Daily News | January 17, 2023

Leaders from the defense industrial base are urging the Cybersecurity and Infrastructure Security Agency to consolidate how it will collect mandatory incident reports from the sector into a single "channel" where information is shared between the Defense Department and CISA.

Daily News | January 10, 2023

Full implementation of the Pentagon's Cybersecurity Maturity Model Certification program for defense contractors will likely shift to 2024 based on revised estimates from the Defense Department in the fall 2022 unified agenda, which indicates two proposed rules are expected for release in the coming months.

Daily News | January 5, 2023

Multiple agencies are expected to act on incident reporting requirements in the new year as work to digest industry feedback continues at the Securities and Exchange Commission and Cybersecurity and Infrastructure Security Agency, while changes to federal acquisition regulations from the 2021 cyber executive order are coming along with the release of the long-awaited national cyber strategy.

Daily News | December 21, 2022

The Pentagon is planning to submit the first rulemaking under its cyber certification program in January for review by the White House Office of Management and Budget, according to a Defense Department spokeswoman, shifting the official launch timeframe farther down the road than previously expected.

Daily News | December 16, 2022

A recent guide from the National Defense Information Sharing and Analysis Center is designed to assist small and medium-size businesses with choosing a managed service provider to help reach compliance with the Pentagon's Cybersecurity Maturity Model Certification program.

Daily News | December 7, 2022

Defense contractors are having trouble complying with current cyber standards put in place in 2017, according to a recent industry survey, which puts a spotlight on the defense industrial base preparedness for the Cybersecurity Maturity Model Certification program.

Daily News | December 6, 2022

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program is touting its progress over the past year in growing the CMMC ecosystem, while noting the number of consultants registered with the non-profit has declined due to ongoing work at the Defense Department to finalize regulations and kick off the formal program.

Daily News | November 29, 2022

A coalition of industry groups is pushing for Senate Armed Services Committee leadership to drop an amendment from the fiscal year 2023 defense authorization bill that would extend the current ban on federal contractors using equipment and services from Huawei and ZTE to include three Chinese semiconductor companies.

Daily News | November 28, 2022

A coalition of industry groups is urging congressional leaders to remove a provision in the Senate version of the fiscal year 2023 defense authorization bill that would direct the Defense Department to require a Software Bill of Materials from defense contractors.

Daily News | November 15, 2022

A new report from the Government Accountability Office finds significant deficiencies in how the Pentagon collects and uses cyber incident reporting data from the defense industrial base required under Defense Department policy.

Daily News | November 11, 2022

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence is revealing details for an upcoming project on securing the software supply chain using a DevSecOps implementation approach.

Daily News | November 10, 2022

Cybersecurity Maturity Model Certification program Director Stacy Bostjanick urged defense companies to get prepared for assessment under the CMMC effort, as the process to finalize version 2.0 changes gets closer to fruition.

Daily News | October 27, 2022

Defense contractors should not wait until the launch of the Cybersecurity Maturity Model Certification program to reach compliance with the Pentagon's cyber standard for handling of controlled unclassified information, according to Defense Department officials.

Daily News | October 21, 2022

The Pentagon's upcoming zero-trust strategy will look at implementation across the Defense Department's "enterprise," according to Microsoft Federal Security Chief Technology Officer Steve Faehl, which he says differs from the approach on the civilian side of government and allows for increased coordination among the military services.

Daily News | October 18, 2022

BSA-The Software Alliance wants the House and Senate to sort out diverging proposals on Software Bill of Materials contained each in chamber's version of this year's annual defense policy bill, and calls for an approach that goes across government rather than focusing just on the Homeland Security or Defense departments.

Daily News | October 6, 2022

The National Institute of Standards and Technology's update to the Special Publication 800-171 series should include guidance on Software Bill of Materials in regards to how contractors are handling the use of controlled unclassified information held on nonfederal systems, according to recent feedback from the Defense Department and the National Security Agency.

Daily News | October 3, 2022

CTIA, a telecom group advocating for wireless providers, is urging the National Institute of Standards and Technology to align updates to the controlled unclassified information series to the Pentagon's Cybersecurity Maturity Model Certification program, demonstrating support for an initiative that's typically the focus of defense and tech sector stakeholders.

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.