While Facility Security Officers (FSOs) aren’t traditionally responsible for managing an organization’s cybersecurity program, their role in protecting national security information and overseeing facility access control systems often puts them in line with the duties of a Chief Information Security Officer (CISO). Managing facility and cybersecurity have become blended today as cyber-attacks become more sophisticated […]
In the midst of a rising cybersecurity crisis, it’s worth keeping one thing in mind: the best way to infiltrate an organization is from the inside. With experts estimating that two out of every three data breaches are caused by insiders, insider threats remain a major concern for cleared organizations, demanding constant vigilance and alertness […]
The holiday seasons have become a perilous time for government agencies and cleared facilities: while everyone else is wrapping gifts, cyber actors are ramping up their malicious activities – and the 2021 holiday season was no exception. At the beginning of December 2021, the Apache Software Foundation disclosed a remote code execution (RCE) vulnerability in […]
2021 was an eventful year for cleared facilities, bringing new federal security legislation driven by changing trends in technology and the workforce. With rising cybersecurity threats and international conflict on the horizon, 2022 is shaping up to be just as disruptive, and FSOs must be prepared. Today, FSOs stand at the front line of America’s […]
In November 2021, the Department of Defense (DoD) introduced a major update to the Cybersecurity Maturity Model Certification (CMMC): CMMC 2.0. According to the original announcement, this update included significant changes from the previous version of CMMC (1.02), including reduced dependence on third-party assessment, and the elimination of security controls unique to CMMC. In December […]
The History of DISS and the Future of Clearance Reform After more than a decade of preparation, the Defense Counterintelligence and Security Agency (DCSA) finally rolled out the Defense Information System for Security (DISS) this March. Fulfilling a major goal of the Trusted Workforce 2.0 initiative, DISS has risen to replace the Joint Personnel Adjudication […]
Following the SolarWinds attack in December of 2020 – and the Colonial Pipeline attack 5 months later – the government has been working overtime to stem the tide of threats to America’s national security. In May 2021, the White House issued Executive Order (EO) 14028, with a long list of reforms intended to strengthen cybersecurity […]
Following the SolarWinds attack in December of 2020, regulators have been pushing for stricter supply chain risk management (SCRM) practices across federal organizations, beginning with a list of recommendations from the Government Accountability Office (GAO). But since the publication of this list, it has become clear that agencies are struggling to comply in a timely […]
It’s been nearly a year since the Cybersecurity Maturity Model Certification (CMMC) went into effect. Announced by the Department of Defense (DoD) in 2019, the program is an ambitious effort to consolidate security regulations across the Defense Industrial Base (DIB) and supplant the more familiar NIST SP 800-171. Now implementation is well underway, and the […]