Search Results for: NIST

Cybersecurity Frameworks – A (Hard)Core Feature of The Ohio Data Protection Act

In 2018, Ohio – the home of the Rock & Roll Hall of Fame – enacted a cybersecurity law that rocked cybersecurity frameworks. The Ohio Data Protection Act (“ODPA” or the Act) creates a safe harbor for organizations that adopt one of ten cybersecurity compliance frameworks. This is unique. Most other state cybersecurity laws don’t… Read more »

Oversight is Coming – Part 2: DCMA to Assess Supply Chain Compliance with DFARS

Last week, we covered the DoD memo assigning DCMA audit responsibilities for marking CUI. The same memo indicates that DCMA will also be evaluating a contractor’s procedures for assessing supply chain compliance with DFARS 252.204-7012. Today we are taking a deeper dive into what that means and what a supply chain assessment looks like. As… Read more »

Oversight is Coming: How to Prepare for a DCMA Supply Chain Audit

This article is the first in a two-part series. On January 21, 2019 the DoD released a memo requiring DCMA to validate contractor procedures for supply chain management. If you are a prime or sub on Department of Defense contracts, then your contracts are already subject to DCMA administrative oversight. This new memo adds to… Read more »

Kicking the Tires on FedRAMP

Straight talk about whether FedRAMP accreditation is right for you. In the world of FedRAMP, you are either a cloud service provider (CSP) or a user of cloud services. Many of our CSP clients are asked about FedRAMP accreditation. In some cases, a government user has told them they should be FedRAMP accredited. This is… Read more »

Cybersecurity’s 3-Million-Person Workforce Shortage is Now a Risk Management Problem

Cybersecurity’s 3-million-person workforce shortage is now a risk management problem. The cybersecurity workforce needs and wants you!  Good news for many of us – but from an employer or strategic workforce planning perspective, this is problematic. There’s now a shortage of people qualified to protect data, systems, and operations. Worldwide, the cybersecurity workforce shortage is… Read more »

Cybersecurity is a Team Sport: Why a Fractional CISO Makes Sense to Manage Cyber Risk

We live in a sharing economy. Almost anything can be had for a fraction of the cost of ownership. Need a ride? You can use Pace for bikes, Lyft or Turo for cars, or Lime for scooters. Need cash? Shared residential wi-fi? (Try Fon.) How about a shared puppy? (Fractional cuteness at Share A Dog.)… Read more »

The 2019 DFARS Glossary: Cybersecurity Acronyms for Government Contractors

It’s 2019 and our updated DFARS glossary is here. With our expanded DFARS glossary, Sera-Brynn defines key terms for cybersecurity compliance in the government space. There are many key terms you need to know – especially if you’re part of the DIB (see below), working through the DFARS cyber regulation, using cloud services, or responsible… Read more »

Our 5 Favorite Blogs of 2018 on Cybersecurity and Privacy for Businesses

FedRAMP strategy, red teaming, NIST privacy standards, evolving Federal acquisition rules, Ohio’s new cybersecurity safe harbor law – these are some of the Sera-Brynn staff blog topics from 2018.  We wrote about GDPR (but are still digesting PIPEDA, the Canadian privacy law).  We continued to talk about the FAR Reform.  We published a guest blogger’s… Read more »

Visit Sera-Brynn’s Booth at NARA’s CUI Industry Day!

Sera-Brynn offers professional services and tools to help identify and map the flow of Controlled Unclassified Information (CUI) throughout a government contractor’s information systems. The presence of CUI is of significant consequence to government contractors and their cybersecurity programs. On December 10, 2018, the National Archives and Records Administration (NARA) is hosting an event on… Read more »

GSA’s proposed new rule to govern data breaches, government access, proprietary information, and contractor responsibilities

In November 2018, U.S. General Services Administration (GSA) published its intent to enact a new rule on the reporting of data breaches. GSA is the U.S. government’s lead contracting agency. GSA also manages many government-wide IT security programs, like FedRAMP and cloud.gov. The proposed rule will ensure that GSA, plus the agency customer, will have… Read more »