Blogs & Analysis

Oversight is Coming – Part 2: DCMA to Assess Supply Chain Compliance with DFARS

Last week, we covered the DoD memo assigning DCMA audit responsibilities for marking CUI. The same memo indicates that DCMA will also be evaluating a contractor’s procedures for assessing supply chain compliance with DFARS 252.204-7012. Today we are taking a deeper dive into what that means and what a supply chain assessment looks like. As… Read more »

Oversight is Coming: How to Prepare for a DCMA Supply Chain Audit

This article is the first in a two-part series. On January 21, 2019 the DoD released a memo requiring DCMA to validate contractor procedures for supply chain management. If you are a prime or sub on Department of Defense contracts, then your contracts are already subject to DCMA administrative oversight. This new memo adds to… Read more »

Kicking the Tires on FedRAMP

Straight talk about whether FedRAMP accreditation is right for you. In the world of FedRAMP, you are either a cloud service provider (CSP) or a user of cloud services. Many of our CSP clients are asked about FedRAMP accreditation. In some cases, a government user has told them they should be FedRAMP accredited. This is… Read more »

Cybersecurity’s 3-Million-Person Workforce Shortage is Now a Risk Management Problem

Cybersecurity’s 3-million-person workforce shortage is now a risk management problem. The cybersecurity workforce needs and wants you!  Good news for many of us – but from an employer or strategic workforce planning perspective, this is problematic. There’s now a shortage of people qualified to protect data, systems, and operations. Worldwide, the cybersecurity workforce shortage is… Read more »

Understanding the Red Team Cycle

… and avoiding the “one and done” mentality in cybersecurity decision-making. The term Red Team is being used loosely as another term for penetration testing, though it is generally not being used as a solid business planning tool for improving the overall security of an organization’s security.  The relationship between doing a Red Team exercise… Read more »

Is “FedRAMP Ready” Status in your PaaS, IaaS, or SaaS’ Future?

“FedRAMP Ready” is an official designation from the Federal Risk and Authorization Management Program, or FedRAMP. The status of “FedRAMP Ready” is awarded to cloud service providers who undergo an independent security assessment to show they are ready to move ahead with the full FedRAMP authorization process.  Achieving FedRAMP Ready status is typically a singular… Read more »

Final Compliance Date for NY DFS Cybersecurity Regulation is March 1, 2019

A significant deadline is now approaching under the New York State Department of Financial Services (“DFS”) cybersecurity regulation, 23 NYCRR 500.   On March 1, 2019, the two-year transitional period under the NY DFS regulation expires and all remaining requirements become effective. The final requirement concerns supply chain cybersecurity. Background The NY DFS cybersecurity framework requires… Read more »

The 2019 DFARS Glossary: Cybersecurity Acronyms for Government Contractors

It’s 2019 and our updated DFARS glossary is here. With our expanded DFARS glossary, Sera-Brynn defines key terms for cybersecurity compliance in the government space. There are many key terms you need to know – especially if you’re part of the DIB (see below), working through the DFARS cyber regulation, using cloud services, or responsible… Read more »

Our 5 Favorite Blogs of 2018 on Cybersecurity and Privacy for Businesses

FedRAMP strategy, red teaming, NIST privacy standards, evolving Federal acquisition rules, Ohio’s new cybersecurity safe harbor law – these are some of the Sera-Brynn staff blog topics from 2018.  We wrote about GDPR (but are still digesting PIPEDA, the Canadian privacy law).  We continued to talk about the FAR Reform.  We published a guest blogger’s… Read more »