New proposed rule for CMMC 2.0 lays out security requirements, raises some eyebrows

New proposed rule for CMMC 2.0 lays out security requirements, raises some eyebrows
New proposed rule for CMMC 2.0 lays out security requirements, raises some eyebrows

At its most basic level, under CMMC 2.0, defense contractors and subcontractors that have access to controlled unclassified information (CUI) will be required to demonstrate the “maturity” of their cybersecurity programs against a set of increasingly advanced capabilities. 

By  
DoD official envisions faster ‘secure pipeline’ to help small business tech contractors protect information

DoD official envisions faster ‘secure pipeline’ to help small business tech contractors protect information
DoD official envisions faster ‘secure pipeline’ to help small business tech contractors protect information

“In my mind, these are some of these avenues that we’re looking at at an idea phase now to see if we can put resources behind it,” said Robert Vietmeyer, director for cloud and software modernization.

By  
Five years to zero trust: Pentagon has ‘no choice’ but to sprint toward network goals

Five years to zero trust: Pentagon has ‘no choice’ but to sprint toward network goals
Five years to zero trust: Pentagon has ‘no choice’ but to sprint toward network goals

“I can tell you at DoD, we’re taking this very seriously,” DoD CIO John Sherman said. “And we are committed to implementing zero trust at scale for our four-million-person-plus enterprise that we lead.” 

By  
Pentagon eyeing the cloud to help firms meet CMMC cybersecurity requirements

Pentagon eyeing the cloud to help firms meet CMMC cybersecurity requirements
Pentagon eyeing the cloud to help firms meet CMMC cybersecurity requirements

“For instance, in the CMMC realm, rather than go out and assess each and every network of our industry partners, I’m kind of keen on establishing some sort of cloud services […]” said David McKeown, DoD deputy chief information officer and senior information security officer

By  
Pentagon rolls out v2.0 of controversial CMMC program

Pentagon rolls out v2.0 of controversial CMMC program
Pentagon rolls out v2.0 of controversial CMMC program

DoD said it will be “increas[ing] oversight of professional and ethical standards of third-party assessors.”

By  
‘Start Of A New Day’: DoD’s New Cybersecurity Regs Take Effect Today

‘Start Of A New Day’: DoD’s New Cybersecurity Regs Take Effect Today
‘Start Of A New Day’: DoD’s New Cybersecurity Regs Take Effect Today

Designed to help secure the supply chain, CMMC requires the defense industrial base to protect Controlled Unclassified Information.

By  
Starting Dec. 1, Cybersecurity Is No Longer Optional

Starting Dec. 1, Cybersecurity Is No Longer Optional
Starting Dec. 1, Cybersecurity Is No Longer Optional

“This is the start of a new day in the Department of Defense where cybersecurity, as we’ve been saying for years is foundational for acquisitions, we’re putting our money where our mouth is. We mean it,” Katie Arrington says.

By  
North Korea’s Hackers Target Tech Secrets

North Korea’s Hackers Target Tech Secrets
North Korea’s Hackers Target Tech Secrets

The alert “should raise concern for those simply focused on China or Russia as the core threat to our national security,” says Eric Noonan, CEO of security firm CyberSheath.

By  
NTIA Aims For Shareable Software Forensics To Protect Supply Chain

NTIA Aims For Shareable Software Forensics To Protect Supply Chain
NTIA Aims For Shareable Software Forensics To Protect Supply Chain

NTIA is not aiming at eventual regulations; rather voluntary sharing of critical information about software supply chains.

By  
Lord Begins Long March To Supply Chain Cybersecurity

Lord Begins Long March To Supply Chain Cybersecurity
Lord Begins Long March To Supply Chain Cybersecurity

Undersecretary Ellen Lord took pains today to emphasize companies would have plenty of time and plenty of help to meet new security standards. Is she going too slow?

By