Contracts

Congress takes up software supply chain security

The FITARA scorecard could become a vehicle for measuring agency progress against the administration's software security goals.

Contracts

What can you do now to prepare for CMMC?

In the first of a series of videos, we talk to informed observers about what contractors should be doing ahead of the release of the CMMC draft rule and how they should approach what promises to be a massive and complex document for this new cybersecurity standard.

Contracts

A reader's guide to the upcoming draft CMMC rule

Market observers have advice on what to read and how to comment when the Defense Department releases its proposed cybersecurity rule for the industrial base.

Contracts

Fingers crossed: DOD's CMMC lead anxious for November release

The proposed final rule for the defense industrial base's new cybersecurity standard could hit the street any day.

Opinion

Demystifying the acronym soup of CMMC

To prepare for the Nov. 8 CMMC Ecosystem Summit, here is an acronym cheat sheet to follow along in the conversation about the defense industrial base's new cybersecurity standard.

Opinion

Are you seeking CMMC certification? Here's what you need to know

Ola Sage leads one of the CMMC ecosystem's assessment organizations and gives the inside word here on how contractors should move to show they are meeting this new industry-wide cybersecurity standard.

Companies

New Pentagon cyber strategy emphasizes industry and global partnerships

A top Defense Department official described the private sector as “absolutely essential” in implementing the agency’s new cyber strategy.

Opinion

Think you don't have to worry about supply chain resilience yet? Think again.

Across the analyst and policy community, there is a widespread belief that U.S. defense supply chains are not resilient enough and that raises fears of national security risks.

Opinion

Security standard revisions should not delay CMMC prep work

Companies should be ready to comply before the eventual release of the Cybersecurity Maturity Model Certification for all firms in the defense industrial base.

Companies

As supply chain threats evolve, so do the tools fighting them

A group of executives steeped in supply chain risk management issues share their insights on what’s working now and how the fight must change in the future.

Contracts

DOD eyes June for final CMMC proposed rule release

The new cybersecurity standard for the defense industrial base will likely not be final until 2024. Companies still have options available to get ready before the final proposed rules go out.

Companies

How CMMC raises legal exposures for contractors and their suppliers

Compliance issues across the defense industrial base will grow after the final rule for this cyber standard goes live, but there are steps to take for understanding and limiting risks.

Companies

Key takeaways from WT's CMMC Summit

Cybersecurity leaders emphasized that the upcoming cyber and supply chain requirement for industry is more than just a compliance list, plus help to get ready is available to small businesses.

Companies

CMMC's 'father' warns companies not to wait for final rule

The final rule for this new cybersecurity standard for the defense industrial base is months away, but the author of its founding principles sternly says get to work now.

Contracts

DHS looks to cyber self-assessments over CMMC model

DHS is considering how it might use self-assessments for vendors to measure their cyber hygiene—an approach that would set it apart from the Defense Department’s plans for third-party assessments.

Companies

Why vendors can't wait for CMMC to raise their cyber standards

"The current geopolitical climate...should have companies thinking about how they are currently defending themselves against cyber attacks," a defense official said on Thursday.