September 25, 2020

On September 30, 2020, Joshua Duvall will participate in a panel discussion covering the Department of Defense's ("DoD") Cybersecurity Maturity Model Certification ("CMMC") for the National Veteran Small Business Coalition.

Joined by other cyber industry leaders and experts, the panel will discuss the latest and greatest CMMC initiatives, requirements, and concerns. Some of the questions the panel will address are: 

  • When are businesses supposed to be CMMC compliant/certified by? At w...

September 9, 2020

On September 4, 2020, President Trump signed Space Policy Directive-5 (SPD-5), which establishes a set of cybersecurity principles designed to protect the nation's valuable "space systems" from a host of cyber threats aimed at disrupting our Nation's critical infrastructure.

As defined in SPD-5, "space systems" is a "combination of systems, to include ground systems, sensor networks, and one or more space vehicles, that provides a space-based service. A space system typically has three segments: a...

May 26, 2020

The Verizon 2020 Data Breach Investigations Report ("DBIR") is here.  In this 13th DBIR, Verizon analyzed a record total of 157,525 incidents, of which 32,002 met their quality standards and 3,950 were confirmed data breaches. 

Before we dive into some of the data, here are some helpful definitions:

  • Threat actor: Who is behind the event? This could be the external “bad guy” that launches a phishing campaign or an employee who leaves sensitive documents in their seat-back...

April 17, 2020

This week, the Government Accountability Office ("GAO") published a report finding that the Department of Defense ("DoD") has "not fully implemented three of its key initiatives and practices aimed at improving cyber hygiene."

GAO conducted this study, in part, because DoD has become "increasingly reliant on information technology (IT) and risks have increased as cybersecurity threats evolve."  GAO found that some 90% of cyberattacks could be avoided or defeated through basic cyber hygiene, which...

April 8, 2020

Today, the U.S. Cybersecurity and Infrastructure Security Agency ("CISA") published a joint advisory with the UK’s National Cyber Security Centre ("NCSC") in light of cybercriminals exploiting the COVID-19 pandemic by targeting individuals and organizations with a range of ransomware and malware.

According to the joint advisory, some examples include scams with "emails containing malware which appear to have come from the Director-General of the World Health Organization (WHO), and others wh...

March 20, 2020

Today, the Department of Defense ("DoD") released Version 1.02 of its Cybersecurity Maturity Model Certification ("CMMC"), dated March 18, 2020.  According to the CMMC Errata, all fifteen changes were termed "Administrative" changes (as opposed to "Substantive" or "Critical" changes).  Some of the Administrative changes include, for example:

  • In practice AT.4.059, the references to NIST SP 800-53 Rev 4 AT-2(3), AT-2(4), AT-2(6), AT-2(7) were removed.

  • In practice C...

March 15, 2020

On March 13th, the Cybersecurity and Infrastructure Security Agency ("CISA") issued an alert regarding the increased use of remote work for many businesses in the wake of Coronavirus Disease 2019 (COVID-19).  Particularly, as more organizations use virtual private networks ("VPN") for telework, "more vulnerabilities are being found and targeted by malicious cyber actors."

Alert (AA20-073A) – Enterprise VPN Security

Mitigations

CISA encourages organizations to review the following rec...

March 6, 2020

Today, the Department of Defense ("DoD") released DoD Instruction 5200.48, Controlled Unclassified Information ("CUI").  Notably, DoD Instruction 5200.48 cancels DoD Manual 5200.01, Volume 4, “DoD Information Security Program: Controlled Unclassified Information,” February 24, 2012, as amended.

Purpose: In accordance with the authority in DoD Directive (DoDD) 5143.01 and the December 22, 2010 Deputy Secretary of Defense Memorandum, this issuance:

  • Establishes policy, assigns responsib...

March 3, 2020

Yesterday, our sister blog, GovConJudicata, launched the GovConJudicata Podcast!

The GovConJudicata Podcast provides listeners with an audio experience for news, insights, and legal analysis covering a variety of issues in the government contracting space, including cybersecurity and related compliance issues.

You can find the podcast on GovConJudicata and at www.GovConJudicataPodcast.com

In addition, you can also find the GovConJudicata Podcast on Spotify and on iTunes (comin...

February 21, 2020

Today, the National Institute of Standards and Technology ("NIST") published Special Publication 800-171, Revision 2, Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations.

According to the press release, NIST SP 800-171 Rev. 2 contains only minor editorial changes and does not change any of the basic and derived security requirements under the framework:

Revision 2 provides minor editorial changes in Chapters One and Two, and in the Glossary, Acronyms, and R...

About CyberJudicata

Welcome to CyberJudicata, an informational blog/website focusing on cybersecurity and privacy issues, including cyber policy, data breach, incident response, data security, regulatory compliance, and cyber insurance.

CyberJudicata is published by Joshua Duvall, managing partner at Matross Edwards, a law firm providing government contracts and cybersecurity legal services to small and mid-sized businesses.

Contact Matross Edwards

www.MatrossEdwards.com

info@MatrossEdwards.com

202.854.9959

Copyright © 2020 Joshua B. Duvall. All rights reserved.

CyberJudicata™ #cyberjudicata

LegalJudicata™ #legaljudicata

GovConJudicata™ #govconjudicata