Wednesday, April 14, 2021

Commerce Bans 7 Chinese Firms from Buying U.S. Tech

The Department of Commerce Bureau of Industry and Security issued an updated entity list adding seven Chinese firms to the list of entities prohibited...

Space Force Launches Satellite Contract as CMMC Pilot

The Space Force has nominated a new commercial satellite communications contract to be part of the Defense Department’s pilot for the Cybersecurity Maturity Model Certification program. A Request For Information for the Inmarsat Broadband Global Area Network (BGAN) and Global Xpress (GX) contract was amended March 31 to include requirements for the CMMC program, so […]

Air Force CIO Has “Mixed Feelings” about CMMC Requirements

Air Force CIO Lauren Knausenberger has concerns about how the strictness of the CMMC could harm small businesses trying to enter the defense market. “I think if we lock it down so that we are not going to do business with certain people because they don’t meet [CMMC], I think that limits our options,” she […]

CMMC Accreditation Body Hiring Staff, Transitioning to Governing Board

Karlton Johnson, chair of the Cybersecurity Maturity Model Certification Accreditation Body, is hiring professional staff and transitioning the board of directors from a body of “director do-ers” to become a “governing board.” The CMMC AB recently hired Matthew Travis – a former deputy director of CISA – to be CEO of the organization. Johnson says […]

Status of Proposed CCPA-Like State Privacy Legislation

The end of March and beginning of April was another busy week with developments in Washington, Florida, Oklahoma, Alaska, Nevada, and Rhode Island: Washington – The House Committee on Appropriations passed the Washington Privacy Act out of committee. Oklahoma – The author of the Oklahoma Computer Data Privacy Act reported that the bill has been […]

Lessons Learned from New York’s Second Cybersecurity Action

The New York Department of Financial Services has announced its second regulatory enforcement action against a regulated entity (a New York licensed mortgage banker and loan servicer) for violating NYDFS’s Cybersecurity Regulations. The action involved the mortgage banker’s failure to report a data breach – a breach caused by an employee overriding the company’s multi-factor […]

Florida Legislature Considers Sweeping Data-Privacy Legislation Supported by Governor

Florida has joined the wave of states considering new comprehensive data privacy legislation. On February 15, 2021, Representative Fiona McFarland introduced HB 969, modeled after the California Consumer Privacy Act. The bill is supported by Governor Ron DeSantis and the speaker of the Florida House. As introduced, HB 969 would apply to for-profit businesses that […]

Outlines of Upcoming Biden Executive Order Emerging

Inside sources indicate that President Biden's upcoming executive order on cybersecurity will require federal contractors to meet software security standards and promptly report cyber...

USDA, DOE Implementing Best Practices

Following the lead of the Department of Defense, the Department of Agriculture is creating a software factory where security is built in on the front end, and the Department of Energy is testing out a rapid Authority To Operate process to focus on risk management. USDA’s software factory uses the DevSecOps process that bakes security […]

DOE Inspector General Recommends Cybersecurity Improvements

The Energy Department Office of Inspector General has issued recommendations for information security that echo many of the issues highlighted by the Cybersecurity and Infrastructure Security Agency in alerts and directives following the SolarWinds hack and subsequent breaches of Microsoft Exchange. It made 83 recommendations regarding access controls, the management of configurations and vulnerabilities, and […]