CMMC, SolarWinds, & Other Updates
Happy Monday, and thanks for tuning into Mondays with Miranda!
Over the past few months there has been talk about Pathfinder/Pilot programs, SPRS, and the DoD requiring vendors to self-attest which security controls in NIST SP 800-171 they are compliant with. Let’s start with the Pathfinder/Pilot programs. In short, seven specific contracts are being considered as initial test cases for the CMMC program, and these will be assessed earlier than anyone else. The Pentagon did say that more contracts may be added to this list in the upcoming weeks. The seven contracts that have been decided on so far are as follows: Navy – Integrated Common Processor, F/A-18E/F Full Mod of the SBAR and Shut off Valve, and Yard services for the Arleigh Burke Class destroyer; Air Force – Mobility Air Force Tactical Data Links, Consolidated Broadband Global Area Network Follow-On, and Azure Cloud Solution; and Missile Defense Agency – Technical Advisory and Assistance Contract. Unless you are a contractor working on Pathfinder/Pilot programs, or on specific F-18 initiatives, you will not be able to be assessed for the CMMC program until 2022.
As for the DoD requiring vendors to self-attest which security controls they are implementing from NIST SP 800-171, the DoD will be conducting on-site audits to make sure the attestations are accurate. This is especially true for contractors who claim to have a “medium” or “high” score.
In other news, more exploitable flaws have recently been found in SolarWinds’ software. Experts at Trustwave, a cybersecurity firm, found three critical flaws in SolarWinds’ software. They said that the flaws could have allowed an attacker to compromise the networks of SolarWinds customers. This is extremely worrisome considering that SolarWinds provides software to parts of our government and its supply chain. Since Trustwave told SolarWinds about the flaws, SolarWinds has released a patch to fix the known security vulnerabilities.
That’s all for today! Thank you for tuning in to this week’s segment of “Mondays With Miranda!” Keep up to date with current news by following NeQter Labs on Twitter, Facebook, and LinkedIn. We love comments and questions, so drop me an email at email@example.com.