Associate Member of NCMS
New Legislation and Changing Threats
2021 has been an eventful year for cybersecurity as the U.S. comes to grips with rising ransomware and IoT attacks, supply chain vulnerabilities and more. Following May’s executive order, this quarter has seen new legislation from multiple agencies, the risk of a government shutdown and many other developments.
It’s a lot to keep up with, and MathCraft is here to give you the scoop. The role of FSOs and other security officers in America’s security preparedness has never been greater, and this drives us to keep our subscribers informed with the latest news, tips and “need-to-know” information.
A Cyber 9/11?
MathCraft honors the memory of all Americans, first responders and government employees who perished on 9/11.
This month, Americans paused to remember the 20th anniversary of the terrorist attacks of December 11th, 2001. Since then, no single incident has caused a greater number of casualties on U.S. soil. But the world has changed with the emergence of a global digital infrastructure, and some have worried about the possibility of a “cyber 9/11.”
Experts reassure the country that such an event is unlikely. While cyberterrorism is a real and present threat that FSOs confront on a daily basis, the ability to cause mass casualties through cyber activity is still beyond the capabilities of most terrorist organizations.
Even so, the possibility can’t be totally dismissed. Today, small groups can leverage malware-as-a-service to supplement their cyber capabilities, and attacks on targets like emergency communication systems could have devastating consequences. Such risks call for renewed vigilance and mutual cooperation throughout the federal government – we know that FSOs will be on the front lines of the fight.
The Future is Zero Trust
Following May’s executive order on cybersecurity, the OMB is gearing up to mandate zero-trust network policies across federal agencies and cleared organizations. CISA has issued a preliminary maturity model with comments due on October 1st; once it is finalized, the OMB will likely enforce it by the end of 2024.
Federal Chief Information Officer Clare Martorana summarizes the philosophy of zero-trust in a single statement: “never trust, always verify.” In more concrete terms, that means:
Once deployed, zero-trust architecture will likely take some getting used to. But in the face of increased ransomware and supply chain attacks, cybersecurity experts agree it is the best step forward to protect the country from developing threats.
With the release of NIST guidelines for software use and testing, cleared organizations should familiarize themselves with supply chain risk management (SCRM) practices and defend against supply chain attacks. Here are four tips based on a report from the Government Accountability Office (GAO):
For more, see the GAO’s full report: Federal Agencies Need to Take Urgent Action to Manage Supply Chain Risks.
The Cybersecurity Maturity Model Certification (CMMC) rule went into effect in December of 2020 under a five-year rollout plan. Between now and 2025, the DoD will be fleshing out the requirements of CMMC and training accredited inspectors through the CMMC Accreditation Body.
In its current state, CMMC incorporates the security controls and practices contained in NIST 800-171 with the objective of protecting Controlled Unclassified Information (CUI). It also introduces new controls across multiple security domains. CMMC is divided into 5 levels of security with different standards of protection.
In order to receive certification at any level, organizations must be certified by a Certified Third-Party Assessment Organization (C3PAO). Unfortunately, the process of training assessors is ongoing, and only 360 individuals are expected to be trained by the end of 2021. Until then, cleared organizations should familiarize themselves with the requirements of CMMC and work to comply with existing legislation like NIST 800-171.
Ever since the December SolarWinds breach, supply chain security has been a top concern for cybersecurity leaders in the U.S. In our latest blog post, learn about ongoing legislation developments, and how you can insulate your organization against supply chain attacks.
It’s been nearly a year since the Cybersecurity Maturity Model Certification (CMMC) went into effect, promising greater accountability and better protection in a world of emerging threats. In this blog post, learn everything you need to know about CMMC and how to prepare for it.
Today’s FSOs have a lot on their plates: they don’t have all day to spend in front of a screen fielding emails or keeping track of individual support tickets. In this blog post, learn how you can use Portal Commander™ to automate form tracking and management for your cleared personnel.
MathCraft Security Technologies, Inc. is the leading provider of innovative software and technologies for Industrial Security professionals. Our tools are compliant with NISPOM and are available on-premises or in the cloud. Contact us today to see how our products can transform your security operations!
NCMS Endorsement/Disclaimer Statement: References to commercial products, processes, or services do not necessarily constitute an endorsement by NCMS Inc. The opinions and views expressed on this email and on any linked web sites do not necessarily reflect those of NCMS.