Blog

GLBA is About to Get a Cybersecurity Upgrade

If you aren’t a regular reader of the Federal Register, you may have missed a proposed upgrade for safeguarding customer information. Background When the Gramm Leach Bliley Act, fondly known as GLBA, was enacted in 1999 we were worried about Y2K, a gallon of gas cost $1.22, and SpongeBob SquarePants had just premiered on Nickelodeon…. Read more »

An Analyst Perspective: Sera-Brynn’s Report on NIST 800-171. Is Compliance Achievable?

Sera-Brynn’s report, “Reality Check: Defense Industry’s Implementation of NIST SP 800-171. Keen insights from certified cybersecurity assessors,” was published in May 2019. If you didn’t have time to read it, it tells the story of an industry struggling to fully comply with the controls of NIST 800-171, which are required to protect sensitive Government data…. Read more »

Cybersecurity Training Is Not Optional…Unless You Are in the House

Congressional Cybersecurity Training Resolution will mandate training for elected officials. Cybersecurity risk management is about understanding why you are a target, how you will be attacked, and the fallout if an attack is successful. Election security is a big deal. Right now, Florida is trying to get a handle on exactly who might have  been… Read more »

Press Release: Report on Defense Industry Implementation of NIST 800-171 Security Controls

Sera-Brynn releases “Reality Check: Defense Industry Implementation of NIST SP 800-171” – a get-real analysis of its cybersecurity assessments in the defense industry.  The report provides the insights, charts, graphs, and statistics that tell the story of an industry struggling with compliance.  FOR IMMEDIATE RELEASE:  May 15, 2019, SUFFOLK, VA.  Today, the certified cybersecurity assessment… Read more »

Data Security under the California Consumer Privacy Act: Instructions Not Included

“Reasonable security.” If you’re a California business, this is what’s generally expected of you (e.g., Cal. Civ. Code § 1798.81.5).  If you collect personal data, you are expected to secure it.  But what’s the right level of cybersecurity under the California Consumer Privacy Act of 2018 (CCPA)?  Are specific frameworks recommended? Let’s wade into the… Read more »

Cybersecurity Frameworks – A (Hard)Core Feature of The Ohio Data Protection Act

In 2018, Ohio – the home of the Rock & Roll Hall of Fame – enacted a cybersecurity law that rocked cybersecurity frameworks. The Ohio Data Protection Act (“ODPA” or the Act) creates a safe harbor for organizations that adopt one of ten cybersecurity compliance frameworks. This is unique. Most other state cybersecurity laws don’t… Read more »

Live Webinar: Impacts of New NIST 800-171 (Revision 2) on Government Contractors

Heather Engel, Chief Strategy Officer of Sera-Brynn, will join Scott Edwards, Summit 7 Systems President, to discuss the highly-anticipated revision to NIST SP 800-171. NIST 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, was first published in December 2016 (and updated in June 2018).  Under Defense Federal Acquisition Regulation Supplement (DFARS), all U.S…. Read more »

Oversight is Coming – Part 2: DCMA to Assess Supply Chain Compliance with DFARS

Last week, we covered the DoD memo assigning DCMA audit responsibilities for marking CUI. The same memo indicates that DCMA will also be evaluating a contractor’s procedures for assessing supply chain compliance with DFARS 252.204-7012. Today we are taking a deeper dive into what that means and what a supply chain assessment looks like. As… Read more »

Oversight is Coming: How to Prepare for a DCMA Supply Chain Audit

This article is the first in a two-part series. On January 21, 2019 the DoD released a memo requiring DCMA to validate contractor procedures for supply chain management. If you are a prime or sub on Department of Defense contracts, then your contracts are already subject to DCMA administrative oversight. This new memo adds to… Read more »

Sera-Brynn Now Certified to Privacy Shield Framework

Suffolk, VA, April 17, 2019 — Sera-Brynn, LCC, a global leader in cybersecurity compliance and risk management, today announced it has been added to the Department of Commerce’s list of self-certified Privacy Shield participants.  The Privacy Shield designation confirms that Sera-Brynn complies with the framework for the private and secure transfer of personal data from… Read more »