Cyber

Supply Chain issues have been a hot topic in the federal contracting community for several years now, but that conversation may be about to evolve. The focus could soon turn from whether government’s supply chains are cyber secure to how reliant contractors are on foreign sources of supply. Larry Allen, president of Allen Federal Business […]

The National Institute of Standards and Technology’s Cybersecurity Framework provides organizations with a common language and foundation for understanding, managing, and indicating cybersecurity risk to stakeholders. Not only does the Framework prevent organizations from having to reinvent the wheel, but it also serves as a point of reference for how organizations prioritize and manage their […]

The California Consumer Privacy Act (CCPA) does not in itself outline specific employee training or record-keeping requirements that demonstrate business compliance with the law. However, the California attorney general’s final CCPA Regulations, intended to guide the application of the CCPA, detail that specific types of employee training and record-keeping are required for CCPA compliance. Read the full post […]

Stacey Garrett of Mitratech identifies five key points taken from the CCPA final regulations, and a quick look at what’s on the horizon. The $25 million revenue threshold for a business to be subject to the CCPA does not have to be met from within California. Privacy Policies must contain a description of consumers’ rights—even […]

The Dubai International Financial Centre has a new data protection law and regulations: the Data Protection Law DIFC Law No. 5 of 2020, and the Data Protection Regulations. This legislation became effective on July 1, repealing the previous law (Data Protection Law DIFC Law No. 1 of 2007). However, businesses have a grace period of […]

Chairman Ty Schieber and head of communications Mark Berman were voted off the Cybersecurity Maturity Model Certification Accreditation Body after the recent launch of...

The more than 30 comments submitted for the interim Federal Acquisition Rule implementing Part B of Section 889 of the 2019 NDAA raise questions related to fundamental compliance issues. The comments generally agree with the intent, but groups representing industry submitted detailed letters outlining compliance challenges. Most asked the government to extend the timelines for […]

The General Services Administration is working closely with companies to ensure that new supply chain risk management requirements are appearing in major federal contracts. Keith Nakasone, GSA’s Deputy Assistant Commissioner for Acquisition, Office IT Category, says his office is taking a “proactive approach” by adding SCRM and cybersecurity language to both new and old contracts, […]

Officials at the U.S. Postal Service let multiple vulnerable applications languish on the agency’s IT network for years — flaws that could have been exploited by hackers to steal sensitive data, an inspector general audit has found. Six of the IT applications were left on the Postal Service network for up to seven years with […]

A bipartisan bill setting minimum security standards for Internet of Things devices connected to federal networks passed the House, and awaits a Senate floor vote. The IoT Cybersecurity Improvement Act would require NIST to set best practices for device security. The Office of Management and Budget would then create guidance for agencies to meet or […]