NIST

Q&A with Sera-Brynn on the DoD Interim Rule, SPRS, and the November 30 Deadline that Isn’t Really a Deadline.

On September 29, 2020, the Department of Defense (DoD) released an interim rule to begin the implementation of its Cybersecurity Maturity Model Certification (CMMC) framework. The majority of the interim rule focuses on new requirements for confirming that contractors are currently in compliance with the 110 security controls of National Institute of Standards and Technology (NIST)… Read more »

Press Release: “Reality Check 2020” – New Report on Defense Industry Implementation of NIST SP 800-171

Cyber risk across the Defense Industrial Base is increasing – and so are cyber rules and regulations from the Department of Defense. This report provides a current snapshot of the DIB’s state of compliance with NIST SP 800-171, including trends we’ve noticed in the past year and specific trouble areas. Read this complimentary report. FOR… Read more »

Using NIST SP 800-171A to Perform Self-Assessments and Scoring under the New DFARS Cybersecurity Rule

You are probably well aware at this point that the Department of Defense has published new (interim) cybersecurity rules (effective November 30, 2020). Much of the press around this announcement has been about the Cybersecurity Maturity Model Certification (CMMC). However, it is unknown when and to whom CMMC will apply over the next five years…. Read more »

DoD Now to Require Cybersecurity Self-Assessments with New DFARS Rule

On September 29, 2020, the Department of Defense (DoD) issued an interim rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS). The interim rule implements the Cybersecurity Maturity Model Certification (CMMC) program. The rule introduces a new construct: the DoD Assessment Methodology. Before contracts undergo a full CMMC review, this new construct will serve as… Read more »

Cybersecurity for Enterprise Teleworking during the WFH Contingency

The coronavirus pandemic swept entire workforces into makeshift home offices. Some people got a desk and a door. Others got a laptop on the upside-down hamper in the hall. On social media, work from home (WFH) employees celebrated the silver linings: happy pets, lunch!, discovering that a robe pocket fits a pen and notebook. But… Read more »

ICYMI: Sera-Brynn/MISI webinar: “How the DIB is Moving Towards CMMC” (June 17, 2020)

Today, Colin Glover of Sera-Brynn joined Armando Sey of the Maryland Innovation & Security Institute (MISI) for a presentation and Q&A session centered on the current state of the defense industrial base’s implementation of NIST-based cybersecurity standards. Highlighted was Sera-Brynn’s report, “Reality Check: Defense Industry’s Implementation of NIST SP 800-171.” Keen insights from certified cybersecurity… Read more »

The Higher Ed Model for Cybersecurity Compliance

There are fundamental challenges to fully implementing the NIST 800-171 cybersecurity framework. However, a new study shows that higher education institutions overcome these challenges and place among the top tier of organizations for compliance. Organizations that handle sensitive government information and data face a foreign intelligence threat that is unprecedented in history. Despite this, most… Read more »

What You Need to Know About 800-171 Revisions

The long-awaited NIST 800-171 Revision 2 and 800-171B drafts were released for comment today. There have been no major changes to the controls in Revision 2. This is good news for many in the DIB who have been diligently working to implement and maintain the security requirements. Of more interest is 171B enhanced security… Read more »