The Cybersecurity Executive Order: What’s Coming and Where Are the Opportunities?

By Davis Johnson, VP & General Manager

Private sector companies have a considerable amount of work to do to comply with the recent Presidential Executive Order on Improving the Nation’s Cybersecurity. Existing contracts must be scrutinized to reduce the trend of serious cyberattacks across government and industry alike.

It’s clear that the order puts the onus on the vendor community. It reads, in part, “The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.”

The order further recommends standardizing common cybersecurity contractual requirements across agencies, to “streamline and improve compliance for vendors and the Federal Government.”

Beyond the contract implications, vendors can expect more attention from the government in several key technology areas, which will spark greater demand and more funding. Here are just a few:

Cyber Vulnerability and Incident Detection

Agencies are required to establish Memoranda of Agreement with CISA for Continuous Diagnostics and Mitigation. CISA is required to report quarterly to OMB and the National Security Advisor on implementation of threat-hunting practices. Vendors can expect more contact with agencies as these reports and documents are being prepared.

CDM IPv6 compliance plans due July 6: Why the technology matters

By Amanda Mull, contract specialist

As I mentioned in my previous blog, there have been some changes to CDM. The Cybersecurity and Infrastructure Security Administration (CISA) announced recently that the common requirements for the Continuous Diagnostics and Mitigation (CDM) Program had been updated to align with the extended compliance schedule published in the Office of Management and Budget (OMB) Memorandum 21-07 (M-21-07).

By FY2023, all federal information systems must be Internet Protocol version 6 (IPv6) enabled. This is an important policy move for acquiring information technology (IT) products and services contained in Federal Acquisition Regulation (FAR) 11.002.

On June 4, CISA directed suppliers with CDM-approved products suspected of not being natively IPv6 compliant to provide proofs of capability or a plan for becoming compliant by July 6, 2021. CISA will conditionally approve products that are not fully IPv6 compliant, providing applicants submit an acceptable plan detailing how their products will become fully operational in an IPv6-only network by the end of FY2023. CISA intends to perform periodic progress checks on accepted plans.   

CDM: More relevant than ever

By Amanda Mull, contract specialist

With the recent incidents involving ransomware and other serious data breaches, security remains a top priority in federal IT.

It’s been some time since we published our last blog on CDM, so to keep our channel partners and suppliers up to date on recent changes, in the coming weeks we will be publishing a series of CDM-related blogs.

In this, our first blog, we provide some basic information and discuss a recent leadership change. Future blogs will cover the federal CDM Dashboard, IPv6 compliance, updates to common requirements and the future of the CDM SIN.

Here are some of the basics about the program:

Continuous Diagnostics and Mitigation Program 

The CDM Program was developed in 2012 to support government-wide and agency-specific efforts to provide risk-based, consistent, and cost-effective cybersecurity solutions to protect federal civilian networks across all organizational tiers.

Behold the New Cybersecurity and Infrastructure Security Agency

By Kevin Shaker, Consultant

For a long time now, we have been talking about a change in the mission scope and organizational structure of the National Protection and Programs Directorate, the agency largely responsible for securing federal networks and protecting critical infrastructure. But now, it seems that the 2017 bill to rename, reorganize and solidify its role at the department has finally happened.

The agency has officially been renamed the Cyber and Infrastructure Security Agency or CISA. The president signed into law the CISA Act of 2018 on November 16, 2018. The bill had been looming over Congress for some time.

Here are a few things industry will want to know about the agency’s new facelift:
