Sunday, September 27, 2020

Bigger Worry? Supply Chain Cybersecurity or Foreign Participants?

Supply chain issues have been a hot topic in the federal contracting community for several years now, but that conversation may be about to evolve. The focus could soon turn from whether government’s supply chains are cyber secure to how reliant contractors are on foreign sources of supply. Larry Allen, president of Allen Federal Business […]

Why You Should Prioritize Cybersecurity Risk with NIST CSF

The National Institute of Standards and Technology’s Cybersecurity Framework provides organizations with a common language and foundation for understanding, managing, and indicating cybersecurity risk to stakeholders. Not only does the Framework prevent organizations from having to reinvent the wheel, but it also serves as a point of reference for how organizations prioritize and manage their […]

Employee Training and Record-Keeping Requirements in the Final CCPA Regulations and a Preview of...

The California Consumer Privacy Act (CCPA) does not in itself outline specific employee training or record-keeping requirements that demonstrate business compliance with the law. However, the California attorney general’s final CCPA Regulations, intended to guide the application of the CCPA, detail that specific types of employee training and record-keeping are required for CCPA compliance. Read the full post […]

5 Takeaways from California’s “Final” CCPA Regulations

Stacey Garrett of Mitratech identifies five key points taken from the CCPA final regulations, and a quick look at what’s on the horizon. The $25 million revenue threshold for a business to be subject to the CCPA does not have to be met from within California. Privacy Policies must contain a description of consumers’ rights—even […]

New Data Protection Law in the DIFC: Who Does It Apply To and How...

The Dubai International Financial Centre has a new data protection law and regulations: the Data Protection Law DIFC Law No. 5 of 2020, and the Data Protection Regulations. This legislation became effective on July 1, repealing the previous law (Data Protection Law DIFC Law No. 1 of 2007). However, businesses have a grace period of […]

Exclusive: CMMC Board Ousts Chairman and Other Top Member

Chairman Ty Schieber and head of communications Mark Berman were voted off the Cybersecurity Maturity Model Certification Accreditation Body after the recent launch of...

Comments on Government Supply Chain Rule Push for Better Definitions and More Time

The more than 30 comments submitted for the interim Federal Acquisition Rule implementing Part B of Section 889 of the 2019 NDAA raise questions related to fundamental compliance issues. The comments generally agree with the intent, but groups representing industry submitted detailed letters outlining compliance challenges. Most asked the government to extend the timelines for […]

GSA Adding Supply Chain Requirements to Major Contracts

The General Services Administration is working closely with companies to ensure that new supply chain risk management requirements are appearing in major federal contracts. Keith Nakasone, GSA’s Deputy Assistant Commissioner for Acquisition, Office IT Category, says his office is taking a “proactive approach” by adding SCRM and cybersecurity language to both new and old contracts, […]

Postal Service Left Vulnerable IT Applications Unaddressed for Years, Inspector General Finds

Officials at the U.S. Postal Service let multiple vulnerable applications languish on the agency’s IT network for years — flaws that could have been exploited by hackers to steal sensitive data, an inspector general audit has found. Six of the IT applications were left on the Postal Service network for up to seven years with […]

House Passes Bipartisan IoT Security Bill to Fix “Glaring Gap” in Cyber Infrastructure

A bipartisan bill setting minimum security standards for Internet of Things devices connected to federal networks passed the House, and awaits a Senate floor vote. The IoT Cybersecurity Improvement Act would require NIST to set best practices for device security. The Office of Management and Budget would then create guidance for agencies to meet or […]