The following resources highlights recent cybersecurity news including alerts, threats, vulnerabilities, and malicious activity.
- National Cyber Awareness System
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
- US CERT/CISA Cyber Announcements
The following announcements highlight recent cybersecurity news including alerts, threats, vulnerabilities, and malicious activity. They also include up-to-date information on available updates and patches for your operating systems.
- Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)
DoD is issuing an interim rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to implement a DoD Assessment Methodology and Cybersecurity Maturity Model Certification framework in order to assess contractor implementation of cybersecurity requirements and enhance the protection of unclassified information within the DoD supply chain.
- SANS – Critical Vulnerability Recap
When information security vulnerabilities are identified, the Internet Storm Center (ISC) develops, assembles, and distributes material to help the cyber security community manage these threats. For some of the more critical vulnerabilities, SANS hosts special webcasts led by ISC handlers to provide additional information. On this page, you can read an overview of some of the recent critical vulnerabilities, watch the related webcasts or go to the ISC to learn more about each vulnerability.
- Secret Service Issues COVID-19 (Coronavirus) Phishing Alert
The United States Secret Service is proactively taking steps to alert the public about the types of email scams associated with the Coronavirus.
- Stay Safe Online – COVID-19 Security Resource Library
This link provides relevant and helpful information to address security and privacy concerns surrounding the global COVID-19 outbreak.
- Exostar Cybersecurity Maturity Model Information Site
Exostar CMMC information site provides timelines, FAQs, and updates on development of the CMMC.
- The Cyber Accreditation Body (AB)
The Cyber AB will provide information and set requirements for prospective C3PAOs and individual assessors. Prospective C3PAOs and assessors should reference the Cyber AB website.
- U.S Department of Defense Chief Information Officer Cybersecurity Certification Maturity Model (CMMC)
To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base’s (DIB) sensitive unclassified information from frequent and increasingly complex cyberattacks. With its streamlined requirements, CMMC 2.0: Simplifies compliance by allowing self-assessment for some requirements, Applies priorities for protecting DoD information, and Reinforces cooperation between the DoD and industry in addressing evolving cyber threats.
- YouTube – Detailed Analysis of CMMC’s Impact on Suppliers
Representatives from several primes are discussing the impact of CMMC on the supplier base. These primes include Jeffrey Dodson (BAE Systems), Christopher Page (Huntington Ingalls Industries), Mike Gordon (Lockheed Martin), and Noble Dean (L3Harris).
- YouTube – The DoD’s Cybersecurity Maturity Model Certification and Process Maturity
This video is an hour long presentation conducted by Carnegie Mellon SEI to discuss the process maturity for CMMC.
- YouTube – The Fascinating History of CMMC as Told by Jacob Horne
The collective information in this presentation, "A Banquet of Consequences: The Story of CUI, DFARS, and CMMC", explains the historical actions that culminated into CMMC and its inherited traits. Furthermore, viewers can expect to garner insights on the future of CMMC and its permanence, regardless of delays. Mr. Horne spares no detail, but tactfully credits the CMMC AB and other parties involved with current efforts.
- YouTube – Understanding Cybersecurity Maturity Model Certification (CMMC): How it will affect your organization and how to prepare.
October 24, 2019: DoD has announced CMMC as a unified cybersecurity standard to be consistently applied to all organizations across the Defense Industrial Base. CMMC certification becomes a requirement in 2020. It will greatly enhance the cybersecurity of the supply chain, but will also enforce new requirements for your organization to participate on any DoD contract. CMMC requires certification by an accredited third party and is pass/fail. Watch Ms. Arrington's CMMC introduction.