CMMC, Solarwinds, & Other Updates
Happy Monday, and thanks for tuning into Mondays with Miranda! Over the past few months there have been talks about Pathfinder/Pilot programs, SPRS, and the DoD requiring vendors to self-attest which security controls in NIST SP 800-171 they are compliant with. Let’s start by talking about these Pathfinder/Pilot programs. In short, there are seven specific […]
Updated 8(a) STARS III RFP to Include CMMC
Happy Monday! In today’s exciting news, the GSA recently released the updated 8(a) STARS III RFP, which includes CMMC. According to JD Supra, “as part of each offeror’s Supply Chain Risk Management Plan, the 8(a) STARS III RFP requires the offeror to address 1) their intent to obtain CMMC, 2) their target certification level, and […]
CMMC as a Standard for Non-Defense Contractors in the Future
Happy Monday – I hope everyone is staying safe and healthy out there! Last week, Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said that the CMMC (Cybersecurity Maturity Model Certification) could eventually become a standard for non-defense contractors. Arrington also said that CMMC could also eventually become a part of international standards. In […]
Pentagon Training CMMC Auditors for April
Happy Monday! Last week, Microsoft warned users of a ‘devastating’ cybersecurity threat that is continuing to grow. Microsoft’s threat protection intelligence team stated that “one type of ransomware attack poses a significant and growing threat, particularly to business users, calling it one of the most impactful trends in cyberattacks.” The type of ransomware attack that […]
NIST SP 800-171 Revision 2 Release
Happy Monday! Last week, NIST SP 800-171 Revision 2 was finally released and you can view the document here. In other news, personal data of over 10 million hotel guests that was leaked in 2017, was just recently posted for sale on the Dark Web. Among the leaked guest records were a few big-name “celebrities” […]
CMMC Version 1.0 Released
Happy Monday! Last week, CMMC (Cybersecurity Maturity Model Certification) version 1.0 was released. If you would like to view the document, you can click here. The CMMC Accreditation Body (CMMC-AB) was recently established as well, and you can view the board of directors here. In other news, a Raytheon engineer was arrested by the FBI […]
U.S. Taking Steps to Prevent Cyber Attacks at a State Level
Happy Monday! Last week, a Texas School District lost $2.3 million to a phishing attack. The incident involved three transactions sent over the course of one month. The school district did not realize until after the third transaction that the bank account information had been tampered with, and the account on the receiving end was […]
DoD Names Chair for CMMC Program
Happy Monday! Last week, the Consumer Electronics Show (CES) began during a cyber attack that hit Las Vegas. City officials have been actively working to determine where the attack began. As of now, officials are saying that the attack began with a malicious link in a city employee’s email. This breach comes during the issues […]
Ryuk Ransomware and FDPL Website Hack
Happy Monday! Last week, a Ryuk ransomware attack took down the entire IT network of a Maritime Transportation Security Act (MTSA) regulated facility. The United States Coast Guard stated that the cause of the attack most likely began with a phishing email. Operations at the facility were reportedly shut down for over 30 hours and […]
New Cybersecurity Laws & Smartphone Location Data
Happy Monday, and happy (almost) New Year! In today’s news, new cybersecurity laws, called “Insurance Data Security Laws,” were just passed about a week ago, and will take effect in CT on October 1, 2020, and in NH on January 1, 2021. The laws will “affect insurance carriers, producers, and other businesses licensed by the […]