As it promised two weeks ago when it first announced the publication of a federal government’s Catalog of Known Exploited Vulnerabilities, CISA (Cybersecurity & Infrastructure Security Agency) has just updated the catalog by adding four new vulnerabilities. All of them represent significant risks. The CISA catalog is directed to non-military agencies and their contractors so […]

Well, the reports were right. On November 3rd the federal government’s Cybersecurity and Infrastructure Agency (CISA) issued a directive prioritizing vulnerability management by federal civilian agencies and establishing remediation deadlines. This new directive is referenced as Binding Operational Directive 22-01 (BOD 22-01) and has a very straightforward title: Reducing the Significant Risk of Known Exploited […]

Reports are that on Wednesday, November 3, 2021, Jen Easterly, who is the director of Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security, will issue a directive imposing new federal government cybersecurity mandates. Here’s what we know about it: The directive, which is intended to move forward some agencies that have been […]

The Department of Commerce’s Bureau of Industry and Security (BIS) today issued an interim rule on revised export controls pertaining to certain cybersecurity items and implementation of those controls. BIS requested comments addressing the impact of these controls on industry and the cybersecurity community. Those comments are to be received by December 6, 2021, and […]

Following up on the July 28, 2021 cybersecurity memorandum by the President, the Department of Homeland Security (DHS) announced this week the results of a review of resources and practices by DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST). This review led CISA and NIST to identify […]

The DoD weighed in yesterday with a promise of additional changes, and soon, to the Cybersecurity Maturity Model Certification (CMMC) program. We are told these changes will reflect industry feedback plus “internal government activities”. It appears they are a result of ongoing and wide-ranging reviews of the CMMC program that started this past spring. All aspects […]

As the provider of a compliant storage and collaboration platform for ITAR technical data and other forms of federal Controlled Unclassified Information, we often look on with amazement when some companies claim compliance with ITAR, NIST SP(s)800-171/172, and the CMMC for products and services that clearly don’t meet those standards. We assume that those companies […]

This weekend, we did a little ‘housekeeping’ and went through an old machine. We took a look at the Google Chrome browser and pulled up all the plugins. What to our surprise did we see on a VPN plug-in: A red triangle with an exclamation point and the words, “This extension contains malware.” (Yes, the […]

A nightmare is usually defined as,” a frightening or unpleasant dream”, and while we tell children that there are no such things as ghosts or bogeymen, there are real cyber nightmares that have happened and could happen. Some of the most significant events in recent years that have caused many people to cower in fear […]

While traditionally people have learned things through reading, many people prefer to learn about things by watching videos. Regardless of the method you prefer, there are many resources available for educating yourself on the Cyber Maturity Model Certification (CMMC). The following list of videos is for educating people on the history of the CMMC, each […]