October 7, 2020

Last week, the Department of Defense ("DoD") published its long-awaited rule on its Cybersecurity Maturity Model Certification ("CMMC") framework. Notably, in addition to the CMMC framework, the rule also includes a second framework related to NIST SP 800-171 DoD Assessments that some defense contractors will also need to consider. This second prong of DoD's cyber regime adds another layer of complexity for defense contractors with an obligation under the Defense Federal Acquisition Regulat...

April 17, 2020

This week, the Government Accountability Office ("GAO") published a report finding that the Department of Defense ("DoD") has "not fully implemented three of its key initiatives and practices aimed at improving cyber hygiene."

GAO conducted this study, in part, because DoD has become "increasingly reliant on information technology (IT) and risks have increased as cybersecurity threats evolve."  GAO found that some 90% of cyberattacks could be avoided or defeated through basic cyber hygiene, which...

March 25, 2020

Yesterday, the GovConJudicata Podcast published an update on the Department of Defense's Cybersecurity Maturity Model Certification ("CMMC").  For an introduction to the CMMC, check out their inaugural podcast episode.

#3 – CMMC Update


March 20, 2020

Today, the Department of Defense ("DoD") released Version 1.02 of its Cybersecurity Maturity Model Certification ("CMMC"), dated March 18, 2020.  According to the CMMC Errata, all fifteen changes were termed "Administrative" changes (as opposed to "Substantive" or "Critical" changes).  Some of the Administrative changes include, for example:

  • In practice AT.4.059, the references to NIST SP 800-53 Rev 4 AT-2(3), AT-2(4), AT-2(6), AT-2(7) were removed.

  • In practice C...

March 6, 2020

Today, the Department of Defense ("DoD") released DoD Instruction 5200.48, Controlled Unclassified Information ("CUI").  Notably, DoD Instruction 5200.48 cancels DoD Manual 5200.01, Volume 4, “DoD Information Security Program: Controlled Unclassified Information,” February 24, 2012, as amended.

Purpose: In accordance with the authority in DoD Directive (DoDD) 5143.01 and the December 22, 2010 Deputy Secretary of Defense Memorandum, this issuance:

  • Establishes policy, assigns responsib...

June 8, 2019

DoD to propose Cybersecurity Maturity Model Certification (CMMC)––via third-party audit––and it will add another layer to defense contractor cybersecurity compliance.

It appears that the CMMC will be comprised of five levels, ranging from basic to "State-of-the-Art." In addition, the article reports that, "DoD contracts will require specific levels — and awards will be 'go/no-go' based on the contractor’s certification status."

. . .

Article: https://sera-brynn.com/pentagon-to-unveil-new-cybersec...

November 28, 2017

December 31, 2017 marks the deadline for compliance with DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (“Cyber DFARS”).[1] The Cyber DFARS principally requires defense contractors to provide “adequate security” on all “covered contractor information systems”––by implementing NIST SP 800-171 security safeguards––and to comply with cyber incident reporting requirements.[2] While the Department of Defense (“DoD”) has recognized that “[t]here is no single...


About CyberJudicata

Welcome to CyberJudicata, an informational blog/website focusing on cybersecurity and privacy issues, including cyber policy, data breach, incident response, data security, regulatory compliance, and cyber insurance.

CyberJudicata is published by Joshua Duvall, managing partner at Matross Edwards, a law firm providing government contracts and cybersecurity legal services to small and mid-sized businesses.

Contact Matross Edwards

www.MatrossEdwards.com

info@MatrossEdwards.com

202.854.9959


Copyright © 2020 Joshua B. Duvall. All rights reserved.
