Cyber Security



Cyber Friday Web Series @ 11:00 – 12:00 – register at 

  • September 11 – Cyber Friday: A Deep Dive into DFARS 252.204-7012 – Looking beyond NIST 800-171 r1
  • September 25 – Cyber Friday: Information Security – An overview of programs, general requirements and resources
  • October 9 – Cyber Friday: Economic Espionage – You have what they want
  • October 23 – Cyber Friday: Guarding and Securing Intangibles – Protecting what you cannot see and touch
  • November 6 – Cyber Friday: Tools, Practices and Resources for Your Cyber-Security Toolbox
  • November 20 – Cyber Friday: An Overview of Cyber-Threats – What you can’t see – can put you out of business!
  • December 4 – Cyber Friday: Securing the Supply Chain – “No man is an island”
  • December 18 – Cyber Friday: Developing and Implementing Practices, Policies and Procedures Using CMMC Reference Documents
  • January 8, 2021 – Cyber Friday: The Other Side of CMMC
  • January 22, 2021 – Cyber Friday: Overview of CMMC Level 1
  • February 5, 2021 – Cyber Friday: Embarking on the Path to CMMC Level 3
  • February 19, 2021 – Cyber Friday: Preparing for a CMMC Certification Assessment
  • March 5, 2021 – Cyber Friday: CMMC Level 3 – Completing the Steps Needed to Protect Controlled Unclassified Information

(November 2020) Hack The Army 3.0 is set to begin. This third iteration, a collaboration between U.S. Army Cyber Command (ARCYBER), DDS, and the Army Network Enterprise Technology Command, will begin with participant registration and administration, followed by the active hacking phase that is scheduled to begin Dec. 14, 2020 and last until Jan. 28, 2021 or until funds are exhausted. ARCYBER officials are hoping to increase participation by military members, and are looking at ways to conduct more frequent bug bounty programs in the future.

Contractor Cybersecurity Requirements to affect primes, subs and suppliers

The Department of Defense issued an Interim Rule titled “Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)” on Tuesday, September 29, 2020.

The rule takes effect on November 30, 2020, and will likely affect current and future contractors interested in conducting business with the Department of Defense, either as prime contractors or as members of the Defense Industrial Base’s supply chain, when solicitations include DFARS 252.204-7012.

Implementation of the Section 889(a)(1)(B) Prohibition on Contracting with Entities Using Certain Telecommunications and Video Surveillance Services or Equipment. The purpose of this memorandum is to facilitate implementation of interim FAR rule 2019-009, published on July 14, 2020, and effective on August 13, 2020.

The National Institute of Standards and Technology released the draft of NIST Special Publication 800-172 (“NIST SP 800-172”) on July 6, 2020. This draft special publication succeeds the prior draft NIST SP 800-171B that NIST published in June 2019, and operates as a supplement to the NIST SP 800-171 controls that federal contractors generally must comply with in order to transmit, process, and store Controlled Unclassified Information (“CUI”). [August 2020]

The National Security Agency released a Limiting Location Data Exposure Cybersecurity Information Sheet (CSI) today to guide National Security System (NSS) and Department of Defense (DoD) mobile device users on how they might reduce the risk associated with sharing sensitive location data. The guide summarizes how and why mobile devices expose location data and explains the potential risk that comes with using them. It provides mitigations to limit the sharing of this information, but warns that no solution fully prevents a mobile device from being located. [August 2020]

Multi-Factor Authentication Replaces Digital Certification and PIN Requirements for Signing Mass Mods on Aug. 8, 2020. Attention contract holders! Updates to GSA’s IT infrastructure mean changes to the way you access our Mass Mod Portal.

NIST Special Publication 800-171 Revision 2 – Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations [Feb 2020]

This publication has been developed by NIST to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA), 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems. Such information security standards and guidelines shall not apply to national security systems without the express approval of the appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130.