If You Sell to DOD, Pay Attention to CMMC

February 6, 2020 by Leave a comment

By Troy Fortune, Vice President & General Manager

You’ve probably heard that the Department of Defense (DOD) recently released the official version 1.0 of its new Cybersecurity Maturity Model Certification (CMMC 1.0).

This is one of the hottest topics in government contracting right now and immixGroup is following developments very closely. And, it will affect everyone in our industry who sells to DOD – resellers, distributors and OEMs. 

As a quick refresher, this is a cybersecurity standard that all contractors must meet if they want to do business with DOD. As we’ve discussed before in a previous blog, the standards themselves are taken from existing ones. With CMMC 1.0, we now have more clarity on what the 5 levels of CMMC entail: Read more of this post

Filed under Contracting, Market Intelligence, Sales Tagged with , , ,

HAVA Grants Provide Funding for States to Protect Election Systems

December 12, 2019 by Leave a comment

By Rachel Eckert, SLED Manager

With just about a year before the general election and eight months before the primaries, the rush is on to identify and mitigate any potential security gaps in election systems!

Our national election system is a very complex network and involves multiple stakeholders including federal, state and local public entities, private companies and citizens. Multiple IT systems and databases that manage and support voter registration, polling books, vote tallying and election night results – are all potential points of vulnerability.

Updating and/or replacing these systems is not cheap, and with already strapped budgets, this strains state and local governments alike. While some governments have already invested in systems upgrades and improvements, many others will be looking for help from the vendor community before the next big general election.

HAVA Grants Fund Election System Upgrades

The good news is that there are funds available to state and local entities in the form of grants from the “Help America Vote Act” – or HAVA. In March 2019, an additional $380M from the federal government was provided to states to help with election security improvements. Each state received a base of $3M with the remainder of the $380M distributed by voting age population. Smaller states typically only received the base $3M, but larger states like California received upwards of $34M. Read more of this post

Filed under Market Intelligence, Sales Tagged with , ,

New Security Requirements Coming to DOD Acquisition in 2020

August 7, 2019 by Leave a comment

Lloyd McCoy Jr.Cyber security network concept. Master key connect virtual networking graphic and blur laptop with flare light effectBy Lloyd McCoy, Market Intelligence Manager

Starting next summer, anyone selling IT to the Department of Defense will need to be certified by the Cybersecurity Maturity Model Certification (CMMC) in order to compete for contracts.

The CMMC is a set of security standards that will start appearing in RFIs in June 2020 and will apply to all defense acquisitions by September. The CMMCs will represent security maturity levels and will have five levels, each with their associated security controls and processes. Level 1 will likely be like what we consider basic hygiene, with Level 5 describing the very best in security practices. The level needed will depend on the contract and will be used to determine whether a vendor makes the cut. Details on what each of the levels contain are scant right now but expect more information in the coming months as the Department collects public feedback. Read more of this post

Filed under Market Intelligence, Sales Tagged with , ,

States Improving Cybersecurity Posture Through NGA Partnership

July 10, 2019 by Leave a comment

By Rachel Eckert, SLED Manager

The National Governors Association (NGA) recently announced a partnership with states and territories that are looking to enhance their cybersecurity posture through the implementation of key controls to mitigate future attacks.

After a competitive application process, the six states and one territory chosen were Arkansas, Guam, Louisiana, Maryland, Massachusetts, Ohio and Washington. Through a series of workshops between now and the end of the year, NGA, along with their respective homeland security agencies and National Guard units, will coordinate with state agencies, local government and K-12 schools to develop methods of improving existing cybersecurity approaches.

During the workshops, participants will brainstorm new methods to protect critical infrastructure, and vendors may discover new business opportunities. In addition to developing more comprehensive strategies and collaborating with neighboring governments, the participants will be focusing on implementing six key controls outlined by the Center for Internet Security:

Read more of this post

Filed under Market Intelligence, Sales, SLED Tagged with , , ,

DHS CISO Talks About Authentication, Supply Chain and Internet Regulation

June 19, 2019 by Leave a comment

By Lloyd McCoy, Market Intelligence ManagerLloyd McCoy Jr.

At a recent immixGroup vendor demo day, Paul Beckman, CISO at the Department of Homeland Security, touched on several technological challenges and frustrations that concern him – topics ranging from patching to supply chain risk to the inevitability of security regulations surrounding the internet.

“I want to get out of the patching business,” Beckman noted, asking, “why can’t I go to automatic updates?” “I don’t understand why we’re still relying on the selected pushing of patches,” he continued. A decade ago a service patch might have created the “blue screen of death” on machines, Beckman said, so that even today, “the ops side of the house is telling me, ‘what are we going to do if we get a bad patch?’”

“My response to them is that restore capability has matured greatly in the last decade. Something goes bad in the machine, push a button, you’re back to where you were at midnight last night.” Beckman added that technology has advanced to the point where the bad patch argument can be discounted and end points can go to automatic patching.
Read more of this post

Filed under Market Intelligence, Sales Tagged with , , , , ,

Vendor Innovations in Cybersecurity: From Browsers to IoT to Mobile

May 29, 2019 by Leave a comment

By Tim Larkins, Senior Director, Market Intelligence and Corporate Development

Threats to network security have evolved and vulnerable attack vectors have expanded – from browsers to mobile devices to the increasingly interconnected appliances that are part of the Internet of Things (IoT). Vendors of cybersecurity solutions are now branching out beyond their initial niches to embrace wider aspects of security.

In immixGroup’s recent panel discussion during Cyber Ops Demo Day held earlier this month, six of industry’s most prominent vendors each described what they were doing to help prevent security breaches in this era of multiple security attack vectors.

Marlin McFate, federal CTO, Riverbed Technology, said his company has broadened its reach beyond network monitoring, application monitoring and user monitoring to security issues ranging from insider threat to exfiltration. Riverbed’s acquisition of FlowTraq has integrated that capability into its visibility solution. The technology allows for security problems to be analyzed from a behavioral perspective, to identify devices that are no longer acting like normal appliances or system users that are not actually part of the organization.

Read more of this post

Filed under Market Intelligence, Sales Tagged with , ,

Government Needs to Shore Up Security Readiness – Before the Next Shutdown

February 6, 2019 by Leave a comment

Lloyd McCoy Jr.

By Lloyd McCoy, Market Intelligence Manager

Whether it’s through government shutdowns or cyber threats, the possibility of government having to unexpectedly operate at reduced capacity is greater than ever. While it appears that the recent partial shutdown had minimal impact on security readiness, we should count ourselves lucky instead of expecting such an outcome to be the norm.

With the resumption of full government operations, all agencies, not just those affected, should take stock and partner with industry to shore up their posture in two areas, risk management and AI.

Risk Management

Government agency risk management strategies have traditionally emphasized the threat landscape and vulnerability of attack surfaces. Expect agencies to take a hard look at their risk posture to determine whether they’ve adequately factored in the impact of government shutdowns. This is an area where industry can play a role – helping agencies adjust their security readiness in an environment where reduced operations may become more of a norm.

Work with your government customer or prospect to ensure that proper backup and recovery capabilities are in place, that their systems and networks have the right kind of resiliency and segmentation solutions in place, and that the security personnel are equipped with the right tools to “put out fires” when workforce and capacity levels are compromised.

Read more of this post

Filed under Market Intelligence, Sales Tagged with , , ,

Older posts

%d bloggers like this: