To say that DoD’s plans to enhance the cybersecurity practices of the defense industrial base have not gone exactly as planned would be polite. White House Executive Order 13556, creating controlled unclassified, was issued in 2010. 12 years later, DoD is still wrestling with the issue. DFARS 252.204-7012, which mandated NIST 800-171 compliance, became effective […]
Continue reading → [DISPLAY_ACURAX_ICONS]CMMC just became more complicated or more simple. The feds published an advance notice of proposed rulemaking (ANPR) for CMMC 2.0 and then just as quickly, unpublished it. The Federal Register, the place where official notices are published only said that they asked for it to be unpublished. So people saw the ANPR for about […]
Continue reading → [DISPLAY_ACURAX_ICONS]USTRANSCOM Starts CMMC Lite Now The DoD’s transportation command, the folks who are in charge of getting all the stuff that the military needs from where it is to where it needs to be, has announced that they are implementing a light version of CMMC NOW instead of waiting for the five years that it […]
Continue reading → [DISPLAY_ACURAX_ICONS]DoD Concerned Covid Will Cause US IP Loss In an interesting analysis, Ellen Lord, DoD’s top acquisition official, is concerned that foreign interests (including unfriendly foreign interests) will buy or invest in small U.S. defense subs and steal our tech. In theory CFIUS and FRRMA should make that harder as the government has the right […]
Continue reading → [DISPLAY_ACURAX_ICONS]Visser Precision, a precision parts contract manufacturer based in Denver, Colorado, has confirmed a “cybersecurity incident”. Visser makes parts for the likes of Tesla, Space X, Boeing and defense contractor Lockheed Martin. The ransomware was DoppelPaymer, is one of the Ransomware 2.0 variants that steal the data before they encrypt it. Some of that data […]
Continue reading → [DISPLAY_ACURAX_ICONS]DoD continues to take actions that lead us to believe that they are very serious about the Cybersecurity Maturity Model Certification process. This process will require that all DoD contractors ultimately get a third party cybersecurity certification on an annual basis if they want to continue to be part of the DoD food chain. When […]
Continue reading → [DISPLAY_ACURAX_ICONS]