September 9, 2020

On September 4, 2020, President Trump signed Space Policy Directive-5 (SPD-5), which establishes a set of cybersecurity principles designed to protect the nation's valuable "space systems" from a host of cyber threats aimed at disrupting our Nations critical infrastructure.

As defined in SPD-5, "space systems" is a "combination of systems, to include ground systems, sensor networks, and one or more space vehicles, that provides a space-based service. A space system typically has three segments: a...

May 26, 2020

The Verizon 2020 Data Breach Investigations Report ("DBIR") is here.  In this 13th DBIR, Verizon analyzed a record total of 157,525 incidents, of which 32,002 met their quality standards and 3,950 were confirmed data breaches. 

Before we dive into some the data, here are some helpful definitions:

  • Threat actor: Who is behind the event? This could be the external “bad guy” that launches a phishing campaign or an employee who leaves sensitive documents in their seat-back...

May 11, 2020

For some small businesses, securing your information systems (and your proprietary data) might seem complicated and expensive, but it doesn't have to be.  After all, cybersecurity can simply be described as implementing practices, procedures, and technologies to protect the confidentiality, integrity, and availability of data (i.e., to help prevent unauthorized access to data and cyberattacks).

A cybersecurity program can begin with, for example, creating i...

April 8, 2020

Today, the U.S. Cybersecurity and Infrastructure Security Agency ("CISA") published a joint advisory with the UK’s National Cyber Security Centre ("NCSC") in light of cybercriminals exploiting the COVID-19 pandemic by targeting individuals and organizations with a range of ransomware and malware.

According to the joint advisory, some examples include scams with "emails containing malware which appear to have come from the Director-General of the World Health Organization (WHO), and others wh...

March 20, 2020

Today, the Department of Defense ("DoD") released Version 1.02 of its Cybersecurity Maturity Model Certification ("CMMC"), dated March 18, 2020.  According to the CMMC Errata, all fifteen changes were termed "Administrative" changes (as opposed to "Substantive" or "Critical" changes).  Some of the Administrative changes include, for example:

  • In practice AT.4.059, the references to NIST SP 800-53 Rev 4 AT-2(3), AT-2(4), AT-2(6), AT-2(7) were removed.

  • In practice C...

December 16, 2019

The Department of Defense ("DoD") recently published its Draft Cybersecurity Maturity Model Certification ("CMMC") Version 0.7 (dated December 6, 2019). DoD posted the following note with the release:

DoD is releasing this latest version (v0.7) so that the public can review the draft model and begin to prepare for the eventual CMMC roll out. This document includes CMMC Levels 1-5 as well as the associated discussion and clarification for a subset of practices and processes in Appendices B - E.

CMM...

November 8, 2019

Today, the Department of Defense ("DoD") posted its Draft Cybersecurity Maturity Model Certification ("CMMC") Version 0.6 (dated November 7, 2019).  DoD posted the following note with today's release:

DoD is releasing this latest version so that the public can review the draft model and begin to prepare for the eventual CMMC roll out. This document includes CMMC Levels 1 - 3 of the latest version of the CMMC Model (Appendix A) with clarifications for CMMC Level 1 in Appendix B. The updates to CMM...

September 5, 2019

Yesterday, the Department of Defense (DoD) published its Cybersecurity Maturity Model Certification (CMMC) Draft Version 0.4 (dated August 30, 2019). [1]  

As many government contractors are aware, DoD is creating the CMMC to help shore up defense industrial base cybersecurity by way of third-party audits of contractor information systems regarding NIST SP 800-171 compliance.  Defense contractors are obligated to implement the NIST SP 800-171 controls to protect covered defense information in DoD...

June 23, 2019

The Department of Defense (DoD) will likely publish a draft Cybersecurity Maturity Model Certification (CMMC) standard sometime this summer (see here and here). While much focus has been on how the CMMC will help shore up defense industrial base (DIB) cybersecurity—i.e., as the enforcement mechanism for DFARS 7012/NIST SP 800-171 compliance via third-party audits––DoD also must address the process of how agency personnel will select the CMMC “go/no-go” threshold for set-aside procureme...

June 8, 2019

DoD to propose Cybersecurity Maturity Model Certification (CMMC)––via third-party audit––and it will add another layer to defense contractor cybersecurity compliance.

It appears that the CMMC will be comprised of five levels, ranging from basic to "State-of-the-Art." In addition, the article reports that, "DoD contracts will require specific levels — and awards will be 'go/no-go' based on the contractor’s certification status."

. . .

Article: https://sera-brynn.com/pentagon-to-unveil-new-cybersec...

Please reload

About GovConJudicata

Welcome to GovConJudicata an informational blog/website focusing on government contracts issues, including bid protests (e.g., GAO, COFC), claims, disputes, SBA matters, compliance, regulatory, and cyber (e.g., DFARS, NIST SP 800-171, CMMC).

GovConJudicata is published by Joshua Duvall, managing partner at Matross Edwards, a law firm providing government contracts and cybersecurity legal services to small and mid-sized businesses.

Contact Matross Edwards
Search By Tags
Please reload

Connect
  • LinkedIn
  • Twitter
  • Podcast
  • Spotify
  • TuneIn
  • Apple

Copyright © 2020 Joshua B. Duvall. All rights reserved.

GovConJudicata™ #govconjudicata

CyberJudicata™ #cyberjudicata

LegalJudicata™ #legaljudicata