Cyber News Events

What is NIST

NIST Compliance? If your organization often works with the US government, involved in various businesses, you’ll surely understand the importance of compliance. Also, you must already be aware that sensitive information shared with the organization outside the government is put through the highest security standards. The National Institute of Standards and Technology (NIST) is a non-statutory federal agency that establishes…

CMMC

Cybersecurity Maturity Model Certification DoD (Department of Defense) planned to move to a new framework to gauge and enhance the cybersecurity stance of the DIB (Defense Industrial Base). The CMMC has been created with the intention to serve as a verification mechanism. It helps ensure appropriate levels of cybersecurity practices and processes are in order. This is done to set…

Industry on pins and needles as DoD, accreditation body to finalize CMMC agreement

The Defense Department is one small step away from officially getting the Cybersecurity Maturity Model Certification off the starting blocks. Ellen Lord, the undersecretary of Defense for Acquisition and Sustainment, is ready to sign off on the memorandum of understanding with the CMMC accreditation body that would jumpstart the training of third-party assessment organizations. Katie Arrington, the chief information security officer for…

The Pentagon’s first class of cybersecurity auditors is almost here

The Pentagon hopes to have the first class of auditors to evaluate contractors’ cybersecurity ready by April, a top Department of Defense official said March 5. The auditors will be responsible for certifying companies under the new Cybersecurity Maturity Model Certification (CMMC), which is a tiered cybersecurity framework that grades companies on a scale of one to five. A score…

Officials worry Iran will target defense contractors with cyberattacks

The Department of Defense remains on alert for retaliation in cyberspace for a U.S. attack that killed a top Iranian general. But security experts and federal officials warn that Iran could target the military another way — through potentially vulnerable defense contractors. Weak cybersecurity practices in the complex DOD supply chain could make those companies attractive targets if Iran wanted to strike…

Navigating Risky Waters Of DOD Cybersecurity Certification

Law360 (February 6, 2020, 5:13 PM EST) — On Jan. 30, the U.S. Department of Defense released version 1.0 of the Cybersecurity Maturity Model Certification, or CMMC, framework, which will require DOD contractors and subcontractors to obtain third-party certification of their cybersecurity maturity. [1] This highly anticipated 390-page release supersedes the prior draft versions, the last of which was…

DOD to Require Cybersecurity Certification in Some Contract Bids

By the end of September, the Defense Department will require at least some companies bidding on defense contracts to certify that they meet at least a basic level of cybersecurity standards when responding to a request for proposals. DOD released its new Cybersecurity Maturity Model Certification today, billed by the undersecretary of defense for acquisition and sustainment as “Version 1.0.”…

DoD to debut new cyber assessment program for contractors in less than a year

The Defense Department has an ambitious schedule for a serious overhaul of the way it monitors and enforces cybersecurity within its industrial base. If all goes as planned, vendors could start to see the new model showing up in formal solicitation documents in less than a year from now. The Cybersecurity Maturity Model Certification (CMMC), in development since March, is the department’s…

Why DoD’s decision to make cybersecurity an ‘allowable cost’ matters

That is huge, and if — and it’s a very big “if” — the Pentagon follows through with its promise by not making it so arduous to allocate costs, so long as they don’t make the allocation such a small percentage that it’s not worth it and so long as they make it a true incentive, this is one of…

Pentagon Wants Contractors to Meet Cybersecurity Requirements

The U.S. Defense Department announced this week that companies hoping to obtain defense contracts will have to demonstrate that they can keep sensitive information safe. The Pentagon has been working on a cybersecurity maturity model certification (CMMC) program whose development involved the defense industry, government officials, and the public. The framework establishes five levels of certification, each corresponding to the…

Microsoft Security Essentials Will Not Protect Windows 7 PCs After January 14, 2020

Microsoft Security Essentials (MSE) will stop protecting Windows 7 PCs on January 14, 2020, when support for Windows 7 is set to end. Organizations that cannot update their systems from Windows 7 to Windows 10 until January 14 can continue receiving patches for critical and important vulnerabilities for up to another three years if they purchase Extended Security Updates (ESU).…

Anonymity of cyber threats creates legal headaches for insurance

Cyber technology is now an integral part of all sorts of businesses, and therefore exposes them to an unpredictable range of risks. Foreign actors are increasingly using those vulnerabilities to advance state policies, causing governments to treat cyber attacks as an extension of armed conflict. That’s according to Scott Anderson, the David M. Rubenstein fellow in Governance Studies at the…

Latest Microsoft Update Patches New Windows 0-Day Under Active Attack

With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers. Microsoft’s December security updates include patches for a total of 36 vulnerabilities, where 7 are critical, 27…

Adobe Releases Patches for ‘Likely Exploitable’ Critical Vulnerabilities

The last Patch Tuesday of 2019 is finally here. Adobe today released updates for four of its widely used software—including Adobe Acrobat and Reader, Photoshop CC, ColdFusion, and Brackets—to patch a total of 25 new security vulnerabilities. Seventeen of these flaws have been rated as critical in severity, with most of them carrying high priority patches, indicating that the vulnerabilities…