fencingforum.com

    CMMC ‘father’ warns companies not to wait for final rule

    By admin1 | November 10, 2022 | 4 Mins Read


    Robert Metzger is considered by many to be the father of the Cybersecurity Maturity Model Certification (CMMC), a standard implemented by the Department of Defense to ensure that industrial infrastructure protects information systems and supply chains.

    Metzger earned that distinction largely because he co-authored “Deliver Uncompromised,” a report for MITRE, a non-profit research firm, that explains many of the principles behind CMMC.

    He is currently Co-Chair of the Cybersecurity Practice at Rogers Joseph O’Donnell Law Firm and continues to serve as a consultant to MITRE.

    As a keynote speaker at Washington Technology’s CMMC Summit on November 9, Metzger set the mood for the event with a sense of urgency regarding cyber threats facing CMMC and organizations. CMMC’s final rule is due in March, but action shouldn’t wait.

    Below is an edited transcript of the conversation between Metzger and GovExec360 President Troy Schneider. Washington Technology is owned by GovExec Media.

    SCHNEIDER: One of the key takeaways from “Deliver Uncompromised” is that self-attestation alone is not enough for contractor cybersecurity, and CMMC took a lot of inspiration from that. Is there anything you wish you had put in a different frame?

    METZGER: The “Deliver Uncompromised” report started from a threat perspective and didn’t look good. We were looking at asymmetric campaigns or mixed operations by national adversaries that combined cyber IT and cyber (operational technology) attacks, as well as various supply chain attacks.

    We thought we needed something to establish what we call a Security Integrity Score.

    Nor did I think about ransomware. Ransomware is a pervasive threat and more urgent for businesses.

    SCHNEIDER: Regardless of what the final CMMC rules are, are there building blocks that companies can put in place today?

    METZGER: We start with NIST standards 801-171, but we need to take a risk-based approach to 171 controls. (There are 110 security controls described in 801-171.) Organizations should assess risk and identify their most important customers and those for whom continuity of service or protection of information is most impactful. I can. (Standard 801-171 is a framework of controls by the National Institute of Standards and Technology for protecting sensitive information in a federal contractor’s IT systems and networks.)

    What are the most cost-effective and security-enhancing controls today?

    You’ll need it eventually, but it’s not about completing everything instantly. It’s about doing the right thing quickly.

    But 171 is just the baseline, so we need to look beyond 171. Introduced in 2015. We now see forms of attack that were unimaginable at the time.

    SCHNEIDER: You mentioned ransomware, but NIST standard 801-171 doesn’t fully anticipate that threat. Are you saying you need an extension to the CMMC standard?

    METZGER: 171 is not the only frame of reference, but it is the one we have to apply. I was interested in what the insurance companies were doing. This is because insurers have made it very difficult to obtain cyber insurance coverage and pay out claims.

    There are murmurs among major insurers that they expect 10 to 12 major items to be implemented.

    In the world of commerce, people are drawn to a certain set of requirements and understand that they are carried out in order to become a trusted partner to obtain financing, or to participate in (M&A) transactions, or to acquire. I hope. cyber insurance.

    SCHNEIDER: Small businesses that are part of the defense industrial base complain that CMMC is too difficult, too expensive, and too complex. How do you balance creating no barriers to entry and providing the security you need?

    METZGER: That’s a very difficult question. Adversaries know to launch attacks against poorly defended businesses for so-called low-hanging fruit.

    The problem is that for small businesses, 171 can be difficult, intimidating, frustrating, confusing, and costly.

    But you can’t decide that security isn’t important to your small business. We cannot give them a waiver. But we must promote means by which small businesses can achieve security economically. This moves away from on-premises countermeasures to an external service provider.

    But when a small business looks at a managed service provider, managed security as a service provider, or any other external resource and says, “If I do my part and they do theirs, then one of the CMMC requirements? I’m going to finish the division.”

    I need it.

    SCHNEIDER: The final rule is expected in March. What date would you choose if you had a requirement in your contract?

    METZGER: It doesn’t really matter. A wise move is to protect yourself now. Not because we have to comply, but because we want to keep the company in business.

    Don’t think it matters when you receive a (RFI) or (Request for Proposal) that needs your evaluation. Get ahead of the curve for your employees, lenders, clients, customers and investors.

    And your regulator too.
