FSO Spotlight: MathCraft’s Newsletter for Security Professionals
4th Quarter, 2019
Get Ready for the 2020s:
A Decade of Security Modernization
HAPPY NEW YEAR from MathCraft!
With a decade of advancements in security standards and modernization across the federal government behind us, the next ten years are shaping up to be just as interesting: In 2019, the DCSA emerged as the government’s newest security agency under the DoD. Using artificial intelligence and machine learning, it managed to reduce the unwieldy clearance backlog – what will it do next?
Now that foreign espionage and insider threats have distinguished themselves as the year’s most potent danger to National Security, the DCSA – along with the rest of the industry – will combat them through a combination of emerging technologies: automation, data analysis and smarter compliance. To survive the next ten years, organizations will have to embrace modernization and stay one step ahead of risk.
ON THE WIRE
Continuous evaluation enrollment will more than double in 2020, DoD says – according to the DCSA, the number of cleared personnel enrolled in continuous evaluation (CE) will reach 3.6 million by the end of 2020, thanks to a push by the Trump administration
Fatal shootings at US military bases highlight unexpected and growing threat – insiders with access badges – five murders across military installations in Florida and Hawaii remind FSOs that insider threats are very real and very dangerous
Survey: Ransomware Will Continue to Threaten Public Sector Organizations in 2020 – after 30% of federal IT professionals encountered ransomware attacks this year, 80% of them predict that the threat of ransomware will either stay the same or grow in 2020
Ex-CIA Officer Sentenced To 19 Years For Conspiracy To Spy For China – with ex-CIA officer Jerry Chun Shing Lee’s imprisonment, three espionage cases have linked former U.S. intelligence officers to China this year
GSA, NIST look at automation to remove FedRAMP certification hurdles – with the Open Security Controls Assessment Language (OSCAL), the GSA hopes to lay the groundwork for automation that could significantly expedite the review process for vendors seeking FedRAMP certification
The Future of Continuous Enrollment
Back in 2018, the continuous evaluation (CE) program was kickstarted to prevent the clearance backlog from hitting record highs (like the 700,000 cases it reached under the NBIB). Two years later, it has almost reached the maturity required to replace the periodic investigations that have defined background investigations for over a century.
Aside from speeding up investigations and routine processes, CE has proven its worth after thousands of adjudications and 1.4 million enrolled personnel: by monitoring personnel in close to real time, it can flag concerning activity – like bankruptcy and arrest – as soon as it occurs, allowing agencies to act much more quickly than in the past.
Is Your Organization Ready for CMMC?
Last year, the DoD announced the upcoming Cybersecurity Maturity Model Certification (CMMC) framework defining cybersecurity requirements for Defense Industrial Base (DIB) subcontractors. A few months ago, a first draft of the framework was released, and – starting in January – it will go into effect, impacting nearly 300,000 organizations.
Under the CMMC, relevant organizations will be required to protect controlled unclassified information (CUI), including Personally Identifiable Information (PII), healthcare and financials, tax data and more. While a lot remains to be explained, we currently know that compliance requirements will span five levels, dictated on a by-project basis.
To learn more about CMMC, check out this helpful overview.
TIPS OF THE TRADE
Avoiding Vendor Risk
With the release of CMMC, the DoD is cracking down on risk from vendors and product manufacturers. Here’s how you can get a head start:
- Vet business practices before working with any vendor for customer satisfaction and good support
- Verify the quality of secure design by ensuring that their products are certified by bodies like the National Information Assurance Partnership (NIAP) or International Organization for Standardization (ISO)
- Avoid end-of-life products, which will likely lose support and patches for vulnerabilities soon after they are required
- Verify security controls according to NIST RMF principles
Without assessing vendors for risk and continually monitoring their products, foreign governments and other attackers may use them to spy on your organization and threaten National Security.
For more information on this topic, check out our recent blog post, Choosing Better Vendors: How NIST RMF Can Help You Manage IT Risks
NEED TO KNOW
Under the latest edition of the National Industrial Security Program Operating Manual (NISPOM), all cleared facilities are required to maintain an insider threat program to monitor and report suspicious activities.
Within MathCraft’s Access Commander®, FSOs have all the tools they need through the Insider Threat module to:
- Record incidents, investigations and corrective actions all in one place
- Monitor risks and detect patterns in behavior
- Drill down into data using advanced search
- Meet NISPOM criteria for an Insider Threat program comprehensively
All through 2019, we witnessed tragic reminders across major news networks that insider threats are still a reality. Don’t let your organization be the next victim: take control of your security program today with Access Commander®.
Are You Under Attack?
In today’s tumultuous industrial security environment, you can’t be a Pollyanna and assume that nothing bad is ever going to happen. It’s best to “hope for the best and prepare for the worst.”
Learn how your organization can thrive under any situation with our latest eBook, Respect. Direct. Protect. Download it now!
MathCraft Security Technologies, Inc. is the leading provider of innovative software and technologies for Industrial Security professionals. Our tools are compliant with NISPOM Change 2, and they are available on-premises or in the cloud. Contact us today to see how our products can transform your security operations!
NCMS Endorsement/Disclaimer Statement: References to commercial products, processes, or services do not necessarily constitute an endorsement by NCMS Inc. The opinions and views expressed on this email and on any linked web sites do not necessarily reflect those of NCMS.
MathCraft Security Technologies, Inc.,
44121 Harry Byrd Highway, Suite 200,
Ashburn, VA 20147