Commerce Bans 7 Chinese Firms from Buying U.S Tech
The Department of Commerce Bureau of Industry and Security issued an updated entity list adding seven Chinese firms to the list of entities prohibited...
Space Force Launches Satellite Contract as CMMC Pilot
The Space Force has nominated a new commercial satellite communications contract to be part of the Defense Department’s pilot for the Cybersecurity Maturity Model Certification program. A Request For Information for the Inmarsat Broadband Global Area Network (BGAN) and Global Xpress (GX) contract was amended March 31 to include requirements for the CMMC program, so […]
Air Force CIO Has “Mixed Feelings” about CMMC Requirements
Air Force CIO Lauren Knausenberger has concerns about how the strictness of the CMMC could harm small businesses trying to enter the defense market. “I think if we lock it down so that we are not going to do business with certain people because they don’t meet [CMMC], I think that limits our options,” she […]
CMMC Accreditation Body Hiring Staff, Transitioning to Governing Board
Karlton Johnson, chair of the Cybersecurity Maturity Model Certification Accreditation Body, is hiring professional staff and transitioning the board of directors from a body of “director do-ers” to become a “governing board.” The CMMC AB recently hired Matthew Travis – a former deputy director of CISA – to be CEO of the organization. Johnson says […]
Status of Proposed CCPA-Like State Privacy Legislation
The end of March and beginning of April was another busy week with developments in Washington, Florida, Oklahoma, Alaska, Nevada, and Rhode Island: Washington – The House Committee on Appropriations passed the Washington Privacy Act out of committee. Oklahoma – The author of the Oklahoma Computer Data Privacy Act reported that the bill has been […]
Lessons Learned from New York’s Second Cybersecurity Action
The New York Department of Financial Services has announced its second regulatory enforcement action against a regulated entity (a New York licensed mortgage banker and loan servicer) for violating NYDFS’s Cybersecurity Regulations. The action involved the mortgage banker’s failure to report a data breach – a breach caused by an employee overriding the company’s multi-factor […]
Florida Legislature Considers Sweeping Data-Privacy Legislation Supported by Governor
Florida has joined the wave of states considering new comprehensive data privacy legislation. On February 15, 2021, Representative Fiona McFarland introduced HB 969, modeled after the California Consumer Privacy Act. The bill is supported by Governor Ron DeSantis and the speaker of the Florida House. As introduced, HB 969 would apply to for-profit businesses that […]
Outlines of Upcoming Biden Executive Order Emerging
Inside sources indicate that President Biden's upcoming executive order on cybersecurity will require federal contractors to meet software security standards and promptly report cyber...
USDA, DOE Implementing Best Practices
Following the lead of the Department of Defense, the Department of Agriculture is creating a software factory where security is built in on the front end, and the Department of Energy is testing out a rapid Authority To Operate process to focus on risk management. USDA’s software factory uses the DevSecOps process that bakes security […]
DOE Inspector General Recommends Cybersecurity Improvements
The Energy Department Office of Inspector General has issued recommendations for information security that echo many of the issues highlighted by the Cybersecurity and Infrastructure Security Agency in alerts and directives following the SolarWinds hack and subsequent breaches of Microsoft Exchange. It made 83 recommendations regarding access controls, the management of configurations and vulnerabilities, and […]