Recent reports from the Department of Defense (DoD) outline common cybersecurity weaknesses for Controlled Unclassified Information (CUI) protection by contractors.  CUI is information that is possessed or created for the U.S. government that, by law, requires dissemination controls and safeguarding.  These required security controls are specified in NIST SP 800-171.  When prospective contractors respond to

DHS cybersecurity assessment criteria has been released that will set the bar for businesses seeking contract awards from the agency.  The U.S. Department of Homeland Security has released this information to ensure that appropriate levels of “cyber readiness” are in place by its vendors.  The DHS plan, released by Chief Information Security Officer Kenneth Bible, is

A lawsuit filed against Penn State University by the U.S. Department of Justice illustrates the challenges the government faces in instituting effective protection of data.  The suit filed under the False Claims Act (FCA) alleges, that the university misrepresented its adherence to required cybersecurity protocols in the handling of Controlled Unclassified Information (CUI) required.   

The #Stopransomware Guide update was released in May 2023 jointly by the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC). Information in this guide was developed by the Joint Ransomware Task Force (JRTF) which is overseen by the Federal Bureau of Investigation (FBI) and CISA. to help organizations

Hosting giant, GoDaddy, has disclosed a Multi-Year Security Breach that has compromised customer security and may cause infection of websites.  This is a noteworthy concern as the company acts as a hosting service for 20 million customers worldwide.  The first breach was reported in November of 2019.  Since this time the company has reported two

Tabletop Exercises for Cyber Incident Response teams are effective tools for assessing the ability of an organization to protect and preserve sensitive data.  These exercises engage team members to respond to a variety of scenarios.  This provides an evaluation of the Cyber Incident Response Plan’s technologies, processes, and personnel’s ability to maintain confidentiality, integrity, and

As 2023 opens it appears that there may be further delays in CMMC 2.0 reaching a final ruling as the Pentagon considers additional revisions of the proposed rule.  These reconsiderations are, as reported on ClearanceJobs, the result of internal politics and concerns on the impact on businesses.  Because the rule is in proposed status, it

Maintaining a CMMC program requires that organizations engage management system principles in their daily cybersecurity programs.  These activities will be essential for Department of Defense (DoD) contractors to remain compliant. Current CMMC Requirements Currently CMMC 2.0 requirements are divided into three levels of compliance: CMMC Level 1 – Foundational is comprised of the 17 practices

FBI concerns about TikTok’s use of U.S. citizens’ user data were conveyed to the House Committee on Homeland Security by Director Christopher Wray.  The Chinese owned social media app currently has over one billion monthly users.  Among the FBI’s concerns is that the Chinese government could conduct influence operations with the app or use it

The Truth About Iranian Cybersecurity Threats Given recent headlines, one might conclude that Iranian Cybersecurity threats were a new development.  In fact, Iran has been a player in the international cyber game since 2002 with the formation of the Ashiyane hacking forum to repress dissidents.  By 2007, government backed organizations had begun to develop sophisticated

The National Institute of Standards and Technology (NIST) announced that they had selected four Quantum-Resistant Cryptographic Algorithms to address concerns of quantum computer cyber attacks against current encryption technologies.  The selection was made from respondents to a post-quantum cryptography standardization project. The Emerging World of Quantum Computing Quantum computers utilize certain phenomena of quantum mechanics

Amendments were signed into law to the Florida State Cybersecurity Act on July 1, 2022.  These revisions illustrate the gap between desired levels of information security and attained levels in both the public and private sectors. The Act, also known as the Cybersecurity Act applies to the Florida Digital Service (FLDS) and the heads of