Compliance

Using NIST SP 800-171A to Perform Self-Assessments and Scoring under the New DFARS Cybersecurity Rule

You are probably well aware at this point that the Department of Defense has published new (interim) cybersecurity rules (effective November 30, 2020). Much of the press around this announcement has been about the Cybersecurity Maturity Model Certification (CMMC). However, it is unknown when and to whom CMMC will apply over the next five years…. Read more »

DoD Now to Require Cybersecurity Self-Assessments with New DFARS Rule

On September 29, 2020, the Department of Defense (DoD) issued an  interim rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS). The interim rule implements the Cybersecurity Maturity Model Certification (CMMC) program. The rule introduces a new construct: the DoD Assessment Methodology.  Before contracts undergo a full CMMC review, this new construct will serve as… Read more »

An Analyst Perspective: Sera-Brynn’s Report on NIST 800-171. Is Compliance Achievable?

Sera-Brynn’s report, “Reality Check: Defense Industry’s Implementation of NIST SP 800-171. Keen insights from certified cybersecurity assessors,” was published in May 2019. If you didn’t have time to read it, it tells the story of an industry struggling to fully comply with the controls of NIST 800-171, which are required to protect sensitive Government data…. Read more »

Is “FedRAMP Ready” Status in your PaaS, IaaS, or SaaS’ Future?

“FedRAMP Ready” is an official designation from the Federal Risk and Authorization Management Program, or FedRAMP. The status of “FedRAMP Ready” is awarded to cloud service providers who undergo an independent security assessment to show they are ready to move ahead with the full FedRAMP authorization process.  Achieving FedRAMP Ready status is typically a singular… Read more »

Final Compliance Date for NY DFS Cybersecurity Regulation is March 1, 2019

A significant deadline is now approaching under the New York State Department of Financial Services (“DFS”) cybersecurity regulation, 23 NYCRR 500.   On March 1, 2019, the two-year transitional period under the NY DFS regulation expires and all remaining requirements become effective. The final requirement concerns supply chain cybersecurity. Background The NY DFS cybersecurity framework requires… Read more »

In the News: NEO Blockchain adds Spatium™ wallet to the list of approved wallets

In recent news, Spatium announced that its wallet for storing cryptocurrency was accepted into the NEO blockchain community.  In order to be accepted into the selective community, Spatium’s wallet underwent multiple, rigorous technical security reviews.  Sera-Brynn was the independent third-party evaluator.  Spatium states that its “software wallet promises greater security than today’s hardware wallets based… Read more »

Our 5 Favorite Blogs of 2018 on Cybersecurity and Privacy for Businesses

FedRAMP strategy, red teaming, NIST privacy standards, evolving Federal acquisition rules, Ohio’s new cybersecurity safe harbor law – these are some of the Sera-Brynn staff blog topics from 2018.  We wrote about GDPR (but are still digesting PIPEDA, the Canadian privacy law).  We continued to talk about the FAR Reform.  We published a guest blogger’s… Read more »

GSA’s proposed new rule to govern data breaches, government access, proprietary information, and contractor responsibilities

In November 2018, U.S. General Services Administration (GSA) published its intent to enact a new rule on the reporting of data breaches. GSA is the U.S. government’s lead contracting agency. GSA also manages many government-wide IT security programs, like FedRAMP and cloud.gov. The proposed rule will ensure that GSA, plus the agency customer, will have… Read more »

Still Lagging on DFARS? The Navy Has A Memo For You

by Heather Engel, Sera-Brynn Chief Strategy Officer The Assistant Secretary of the Navy recently released a memo imposing additional requirements on select contracts. For the last three years, Defense contractors have been working (some more diligently than others) to comply with DFARS clause 252.204-7012 that requires implementation of NIST SP 800-171. I’ve written numerous articles… Read more »