In partnership with the UW-Whitewater Cybersecurity Center for Business, Tetra Defense, an Arctic Wolf Company and CyberNINES, a series of Cybersecurity Readiness Workshops were hosted this week with special guest Matthew Travis, CEO of CMMC-AB
NEWS & UPDATES
Wisconsin DoD manufacturers and federal contractors gathered in Oshkosh on May 18 for the 8TH ANNUAL DOD CONTRACT MANAGEMENT UPDATE to discuss Supply Chain Challenges & Solutions in 2022. It has been a challenging year for the federal government and defense contractors as they face increased challenges – supply shortages, cost escalation, labor shortages, new requirements, and security challenges to mention a few.
CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager.
Podcast Episode 1:
In this month's episode we will be discussing the pros and cons of using an IT Managed Service Provider to help companies with CMMC. We will be speaking with Todd Streicher, VP of Business Development at CyberNINES.
What is CMMC?
In January 2020 the Department of Defense (DoD) announced a new standard for assessing an organization’s cybersecurity posture called “Cybersecurity Maturity Model Certification (CMMC).” According to CMMC, all DoD contractors that process, transmit or store Controlled Unclassified Information (CUI) will be asked to be certified by a third-party assessment organization (C3PAO). The new CMMC program consists of five levels of certification in both cybersecurity practices and processes.
Who is CyberNINES?
I have been doing cybersecurity for over 25 years now; CyberNINES has been around for a year and a half. The talent that makes up CyberNINES® is not new. As a retired navy officer and having spent the last ten years as a practitioner with a defense contractor learning how to get compliant, I have something to offer.
A severe vulnerability has been identified in the Apache Log4j. Apache Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as well as in operational technology products—to log security and performance information. A bug in Log4j Java (Log4j 2.0-beta9 through 2.14.1) library is being used to provide hackers the ability to takeover systems without any form of authentication.
The Department of Defense’s (DoD) Interim Final Rule that went into effect on 30 November 2020, requires both primes and sub-contractors to submit their NIST SP 800-171 assessment score to the Supplier Performance Risk System (SPRS). While the rule will only impact new contracts, the DoD plans to do 148 Medium Assessments and 81 High Assessments over the next three years, with an estimated 8,823 basic assessment scores to be uploaded on SPRS each year to award new contracts to small businesses. At CyberNINES, we are aware of these changes and committed to helping small and medium-sized businesses accept purchase orders from the DoD and Prime Contractors.