Cybersecurity Challenges Facing the Nation – High Risk Issue
The federal government needs to take urgent actions to protect federal systems, the nation’s critical infrastructure, and individuals’ privacy and sensitive data from cyber threats. https://www.gao.gov/key_issues/ensuring_security_federal_information_systems/issue_summary
A continuing webinar series from WPI:
Cyber Fridays @ 11:00 – 12:00 – register at www.wispro.org
- January 8, 2021 – Cyber Friday: The other side of CMMC – presented by Marc Violante, Wisconsin Procurement Institute
- January 22, 2021 – Cyber Friday: Overview of CMMC Level 1 – presented by Marc Violante, Wisconsin Procurement Institute
- February 5, 2021 – Cyber Friday: Embarking on the path to CMMC Level 3 – presented by Marc Violante, Wisconsin Procurement Institute
- February 19, 2021 – Cyber Friday: Preparing for a CMMC Certification assessment – presented by Marc Violante, Wisconsin Procurement Institute
- March 5, 2021 – Cyber Friday: CMMC Level 3 – Completing the steps needed to protect Controlled Unclassified Information – presented by Marc Violante, Wisconsin Procurement Institute
- March 19, 2021 – Cyber Friday: Managing Vendor Risk – presented by Marc Violante, Wisconsin Procurement Institute
- April 16, 2021 – Cyber Friday: Your Cyber Plan Cannot Be Static – Here’s Why! – presented by Marc Violante, Wisconsin Procurement Institute
- April 30, 2021 – Cyber Friday: Testing and Strengthening Your Cyber-Defenses Using Exercises – presented by Marc Violante, Wisconsin Procurement Institute
- May 14, 2021 – Cyber Friday: Corporate Acquisition, Insider threats, or Strategic Investments – All Threats to Consider – presented by Marc Violante, Wisconsin Procurement Institute
- May 28, 2021 – Cyber Friday: The Cybersecurity Plan Looks Great – presented by Marc Violante, Wisconsin Procurement Institute
- June 11, 2021 – Cyber Friday: Blockchain – presented by Marc Violante, Wisconsin Procurement Institute
- June 25, 2021 – Cyber Friday: The Role of Standardization in Cybersecurity Plans – presented by Marc Violante, Wisconsin Procurement Institute
CMMC Accreditation Body must split to meet requirements of new contract. The third-party accreditation body implementing the Department of Defense’s new cybersecurity standards for contractors will split into two entities to meet international standards mandated through a no-cost contract it signed with the department last fall. https://www.fedscoop.com/cmmc-ab-requirements-sow-training-assessing/ [February 2021]
SP 800-172 Published February 2021 – Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171
This publication provides federal agencies with recommended enhanced security requirements for protecting the confidentiality of CUI: (1) when the information is resident in nonfederal systems and organizations; (2) when the nonfederal organization is not collecting or maintaining information on behalf of a federal agency or using or operating a system on behalf of an agency; and (3) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or government-wide policy for the CUI category listed in the CUI Registry. The enhanced requirements apply only to components of nonfederal systems that process, store, or transmit CUI or that provide security protection for such components when the designated CUI is associated with a critical program or high value asset. The enhanced requirements supplement the basic and derived security requirements in NIST Special Publication 800-171 and are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations. https://csrc.nist.gov/publications/detail/sp/800-172/final [February 2021]
The DoD has issued a final rule stating that the NISPOM will be codified in the CFR, effective February 24, 2021. The DoD will no longer issue DoD Manual 5220.22, and contractors will instead refer to the CFR to locate requirements for the protection of classified information. https://www.federalregister.gov/documents/2020/12/21/2020-27698/national-industrial-security-program-operating-manual-nispom [January 2021]
Cybersecurity Challenges Facing the Nation – High Risk Issue
The federal government needs to take urgent actions to protect federal systems, the nation’s critical infrastructure, and individuals’ privacy and sensitive data from cyber threats. https://www.gao.gov/key_issues/ensuring_security_federal_information_systems/issue_summary [January 2021]
(November 2020) Hack The Army 3.0 is set to begin. This third iteration, a collaboration between U.S. Army Cyber Command (ARCYBER), DDS, and the Army Network Enterprise Technology Command, will begin with participant registration and administration, followed by the active hacking phase that is scheduled to begin Dec. 14, 2020 and last until Jan. 28, 2021 or until funds are exhausted. ARCYBER officials are hoping to increase participation by military members, and are looking at ways to conduct more frequent bug bounty programs in the future.
Contractor Cybersecurity Requirements to affect primes, subs and suppliers
The Department of Defense issued an Interim Rule titled “Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)” on Tuesday, September 29, 2020.
The rule takes effect on November 30, 2020, and will likely affect current and future contractors interested in conducting business with the Department of Defense, either as prime contractors or as members of the Defense Industrial Base’s supply chain, when solicitations include DFARS 252.204-7012.
Implementation of the Section 889(a)(1)(B) Prohibition on Contracting with Entities Using Certain Telecommunications and Video Surveillance Services or Equipment. The purpose of this memorandum is to facilitate implementation of interim FAR rule 2019-009, published on July 14, 2020, and effective on August 13, 2020.
The National Institute of Standards and Technology released the draft of NIST Special Publication 800-172 (“NIST SP 800-172”) on July 6, 2020. This draft special publication succeeds the prior draft NIST SP 800-171B that NIST published in June 2019, and operates as a supplement to the NIST SP 800-171 controls that federal contractors generally must comply with in order to transmit, process, and store Controlled Unclassified Information (“CUI”). [August 2020]
The National Security Agency released a Limiting Location Data Exposure Cybersecurity Information Sheet (CSI) today to guide National Security System (NSS) and Department of Defense (DoD) mobile device users on how they might reduce risk associated with sharing sensitive location data. The guide summarizes how and why mobile devices expose location data and explains potential risk that comes with using them. It provides mitigations to limit the sharing of this information, but warns there is no solution to fully mitigate a mobile device from being located. [August 2020]
Multi-Factor Authentication Replaces Digital Certification and PIN Requirements for Signing Mass Mods on Aug. 8, 2020. Attention contract holders! Updates to GSA’s IT infrastructure mean changes to the way you access our Mass Mod Portal.
This publication has been developed by NIST to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA), 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems. Such information security standards and guidelines shall not apply to national security systems without the express approval of the appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130.