Compliance Fatigue: Why Companies Hesitate to Invest in NIST SP 800-171 and the Cybersecurity Maturity Model Certification (CMMC)

In today’s rapidly evolving cybersecurity landscape, achieving compliance with regulatory frameworks such as the Cybersecurity Maturity Model Certification (CMMC) has become increasingly critical for organizations, particularly those engaged with the Department of Defense (DoD) and its supply chain. However, despite the pressing need for robust cybersecurity measures, many companies hesitate to invest in CMMC compliance. […]
Strengthening American Cybersecurity

Happy Monday and thanks for tuning in to this week’s segment of Mondays with Miranda! Last week, on March 15th, President Biden signed into law the new Strengthening American Cybersecurity Act, which includes new cybersecurity incident reporting mandates for operators of federal infrastructure and federal civilian agencies. Those affected agencies will now be required to […]
CMMC Third-Party Assessments

Happy Monday and Valentine’s Day! Thanks for tuning in to this week’s segment of Mondays with Miranda. Last week, Deputy DoD CIO David McKeown said that after further analysis, the DoD’s initial plan of “bifurcating” requirements for approximately 80,000 contractors that handle CUI is no longer able to happen. They will now be requiring third-party […]
CMMC Program Changes – CMMC 2.0

Happy Monday, and thanks for tuning in to this week’s segment of Mondays with Miranda! Last week, the DoD announced major changes to the Cybersecurity Maturity Model Certification (CMMC) with the release of the CMMC 2.0 program. The goal of the new program is to simplify CMMC and strengthen the cybersecurity of the Defense Industrial […]
U.S. Department of Justice Launches Civil Cyber-Fraud Initiative

Happy Monday, and thanks for tuning in to this week’s segment of Mondays with Miranda! In recent news, Deputy Attorney General Lisa O. Monaco announced the launch of the Justice Department’s Civil Cyber-Fraud Initiative. Monaco said last week, “We are announcing today that we will use our civil enforcement tools to pursue companies, those who […]
NIST Releases “Ransomware Profile” & Pentagon Reviews CMMC Program

Happy Monday, and thanks for tuning in to this week’s segment of Mondays with Miranda! In this week’s news, the National Institute of Standards and Technology (NIST) just released a new cybersecurity framework for ransomware risk management. The “Ransomware Profile” identifies actions that organizations can take to prevent, respond to, and recover from ransomware events. NIST […]
Recent Ransomware Attack & New CMMC Member

Happy Tuesday, and thanks for tuning in to this week’s segment of Mondays with Miranda. I hope everyone had an awesome Independence Day weekend! Last week, about 1500 businesses were affected by the Kaseya ransomware attack. Although it has been said that only a small number of Kaseya’s direct customers were affected, many of those […]
CMMC AB Authorizes First Certified Third-Party Assessment Organization

Happy Monday, and thanks for tuning in to this week’s segment of Mondays with Miranda! First things first, don’t forget to register for our webinar this week! On Wed, Jun 16th from 6:30 PM to 8:00 PM EDT, we will be discussing an effective way to “Bulletproof” your network and your reputation. All your questions on […]
President Releases Executive Order on Cybersecurity; CMMC-AB On Path to Approve First Assessor

Happy Monday, and thanks for tuning in to this week’s segment of Mondays with Miranda! Last week, President Biden released an executive order which focuses primarily on improving cybersecurity within the federal government. Essentially, the executive order states that software sold to the federal government will need to comply with strict standards within six months. […]
CMMC AB Appoints First CEO & Launches Industry Advisory Council

Happy Monday, and thanks for tuning in to this week’s segment of Mondays with Miranda! In recent cybersecurity news, there have been reports of personal data being scraped from more than 500 million LinkedIn users and posted for sale online. This comes not too long after Facebook’s similar incident of personal data being leaked from more […]
CMMC Spreading Throughout Federal Agencies

Happy Monday, and thanks for tuning in to this week’s segment of Mondays with Miranda! SolarWinds has become the talk of the (cyber) town, as news has just been released stating that NASA and the FAA are also victims of the recent cyber attack. The attack hit nine U.S. government agencies and about 100 private companies, […]
CMMC, SolarWinds, & Other Updates

Happy Monday, and thanks for tuning in to Mondays with Miranda! Over the past few months there have been talks about Pathfinder/Pilot programs, SPRS, and the DoD requiring vendors to self-attest which security controls in NIST SP 800-171 they are compliant with. Let’s start by talking about these Pathfinder/Pilot programs. In short, there are seven specific […]
Updated 8(a) STARS III RFP to Include CMMC

Happy Monday! In today’s exciting news, the GSA recently released the updated 8(a) STARS III RFP, which includes CMMC. According to JD Supra, “as part of each offeror’s Supply Chain Risk Management Plan, the 8(a) STARS III RFP requires the offeror to address 1) their intent to obtain CMMC, 2) their target certification level, and […]
CMMC as a Standard for Non-Defense Contractors in the Future

Happy Monday – I hope everyone is staying safe and healthy out there! Last week, Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said that the CMMC (Cybersecurity Maturity Model Certification) could eventually become a standard for non-defense contractors. Arrington also said that CMMC could eventually become a part of international standards. In […]
Pentagon Training CMMC Auditors for April

Happy Monday! Last week, Microsoft warned users of a ‘devastating’ cybersecurity threat that is continuing to grow. Microsoft’s threat protection intelligence team stated that “one type of ransomware attack poses a significant and growing threat, particularly to business users, calling it one of the most impactful trends in cyberattacks.” The type of ransomware attack that […]
NIST SP 800-171 Revision 2 Release

Happy Monday! Last week, NIST SP 800-171 Revision 2 was finally released and you can view the document here. In other news, personal data of over 10 million hotel guests that was leaked in 2017 was just recently posted for sale on the Dark Web. Among the leaked guest records were a few big-name “celebrities” […]
CMMC Version 1.0 Released

Happy Monday! Last week, CMMC (Cybersecurity Maturity Model Certification) version 1.0 was released. If you would like to view the document, you can click here. The CMMC Accreditation Body (CMMC-AB) was recently established as well, and you can view the board of directors here. In other news, a Raytheon engineer was arrested by the FBI […]
U.S. Taking Steps to Prevent Cyber Attacks at a State Level

Happy Monday! Last week, a Texas School District lost $2.3 million to a phishing attack. The incident involved three transactions sent over the course of one month. The school district did not realize until after the third transaction that the bank account information had been tampered with, and the account on the receiving end was […]
DoD Names Chair for CMMC Program

Happy Monday! Last week, the Consumer Electronics Show (CES) began during a cyber attack that hit Las Vegas. City officials have been actively working to determine where the attack began. As of now, officials are saying that the attack began with a malicious link in a city employee’s email. This breach comes during the issues […]
Ryuk Ransomware and FDPL Website Hack

Happy Monday! Last week, a Ryuk ransomware attack took down the entire IT network of a Maritime Transportation Security Act (MTSA) regulated facility. The United States Coast Guard stated that the cause of the attack most likely began with a phishing email. Operations at the facility were reportedly shut down for over 30 hours and […]
New Cybersecurity Laws & Smartphone Location Data

Happy Monday, and happy (almost) New Year! In today’s news, new cybersecurity laws, called “Insurance Data Security Laws,” were just passed about a week ago, and will take effect in CT on October 1, 2020, and in NH on January 1, 2021. The laws will “affect insurance carriers, producers, and other businesses licensed by the […]
Microsoft Windows 7 and Windows Server 2008 End-Of-Life

Happy Monday and happy holidays! I’ve got some interesting news to start off this holiday week. First, Microsoft will no longer support Windows 7, Windows Server 2008, and Windows Server 2008 R2 after January 14th, 2020. These systems have reached their end-of-life mark and this means that Microsoft will no longer provide security updates or […]
CMMC Draft Version 0.7

Happy Monday! CMMC or the Cybersecurity Maturity Model Certification released draft version 0.7 last week. You can view the document here. The new draft includes levels 4 & 5 of the CMMC, as the previous draft versions did not. Last week, the city of Pensacola, FL was hit by a cyber attack just days after […]
CMMC & The Effect on Small Business

Happy Monday! Yesterday, the U.S. Department of Defense posted an article regarding the CMMC (Cybersecurity Maturity Model Certification) and discussed how they will be helping small companies meet the cybersecurity requirements. Ellen Lord, the undersecretary of defense for acquisition and sustainment, said “We are not going to put small companies out of business. We need […]
SHIELD Act & Vulnerable Cybersecurity Solutions

Happy Monday! Recently, the SHIELD (Stop Hacks and Improve Electronic Data Security) Act was signed into law in the state of New York. The law will affect “all businesses who work within New York, as well as those who collect, process or control personal information of New York residents.” The breach notification law updates were […]
New CMMC Draft & Facebook Privacy Issues

Happy Monday! If you haven’t seen yet, be sure to take a look at the CMMC (Cybersecurity Maturity Model Certification) draft version 0.6 that was released last week. We’re getting closer to 2020, which is when the final version is set to release, and audits are going to begin for all companies holding government contracts. […]
Cloud Contracts & CMMC Drafts

Happy Monday! Last week, you probably heard about the $10 billion contract that Microsoft was awarded by the Pentagon involving the DoD’s cloud computing services. Microsoft was awarded a 10 year contract, called the Joint Enterprise Defense Infrastructure cloud contract, which came as a surprise to many, as it was expected to be awarded to […]
Are Online “Selfies” Safe?

Happy Monday! Recently, LinkedIn members have noticed an uptick of suspicious direct messages on their accounts, mostly coming from “friends.” The messages have been containing malicious links of some sort, in one case, a link for a job opening with the message asking if the person was interested in applying. In that case, the recipient […]
Cybersecurity Awareness Month: Two-Factor Authentication

Happy TUESDAY! I hope everyone enjoyed the holiday yesterday. Last week, the NeQter Labs team attended two events: the NDIA New England 4th Annual Cyber Event and the SENEDIA Tech Talk: Cybersecurity Maturity Model Process. Thanks to everyone who came out and spoke with us! In light of Cybersecurity Awareness Month, the FBI recently warned […]
Ransomware Strikes Again…

Happy Monday! Last week, NeQter Labs’ CEO, Richard Astle, was a finalist in the Cox Business Get Started RI Pitch Competition. We want to thank everyone who came out to support NeQter Labs, and let you know that we are grateful to have been given the opportunity to present. In this week’s news, National Defense […]
U.S. Electrical Grid More Vulnerable Than Ever

Hey guys, it’s Monday again! Just a quick reminder, our CEO, Richard Astle, is a finalist in the Cox Business News 2019 Get Started Rhode Island event on October 2nd, 2019. This event is a “shark tank” type of competition between startup business leaders to pitch their ideas in front of an audience and a […]
Insider Threat & Password Vulnerability

Happy Monday! Just a reminder, our CEO, Richard Astle, is a finalist in the Cox Business News 2019 Get Started Rhode Island event on October 2nd, 2019. This event is a “shark tank” type of competition between startup business leaders to pitch their ideas in front of an audience and a panel of judges. NeQter […]
Tech CEO Vulnerable to Hackers

Happy Monday! The Department of Defense just released a new draft of the CMMC (Cybersecurity Maturity Model Certification) for all contractors. The CMMC is going to be used as a simpler way to ensure all contractors and subcontractors comply with cybersecurity frameworks such as the NIST SP 800-171. The CMMC audits will begin sometime early […]
Cyber Attacks Targeting Cities

Happy Monday! As a reminder, NeQter Labs’ CEO will be sitting on the panel at the North Kingstown Chamber of Commerce Cybersecurity event on September 12th, 2019 at 4:00 P.M. Register online here ASAP if you want to attend! We can’t wait to see you! In a world filled with technology, cyber attacks are really […]
Ransomware, Security Flaws, & Hackers… Oh My

Happy Monday! These past few weeks we have seen numerous breaches and hacks, and to no surprise, here we are again. Yesterday, reports came out stating that twenty-three Texas governments were infected with ransomware. The attack occurred on August 16th, and emergency responders are still actively working to bring those systems back online. Although no […]
The Flaw that Affects Us All

Happy Monday! Early next month our CEO, Richard Astle, is going to be a panelist at the North Kingstown Chamber of Commerce Cybersecurity event. The event will take place on September 12th at 4:00 P.M. at the Quonset O Club in North Kingstown, RI. If you’d like to attend, register online here. In other news, […]
DoD Announces New CMMC Program—and It’s Great News for Small Contractors

We’ve expected for some time that the Department of Defense was going to step up its efforts to move away from self-attestation and start enforcing cybersecurity compliance among defense contractors. Now—just like that—it’s a reality.
Breaches, False Claims, and More Breaches

Happy Monday! Last week, a few of our team members came back from the 2019 Navy Gold Coast Small Business Procurement Event in San Diego, CA. While at the conference, we learned so much about the new CMMC (Cybersecurity Maturity Model Certification) that is going to be rolled out soon. Although this is super exciting […]
Five NIST & DFARS Questions With Christopher Michaud

PBN: What are some of the specialized DoD subcontractors that can benefit from the NeQter Labs Compliance Engine?
Repercussions of Not Becoming NIST Compliant

On Friday, June 8, 2018, it was announced that Chinese government hackers compromised a Navy contractor’s internal network.