cybersecurity | The Contracting Education Academy

January 27, 2020 By cs

These IT, cyber provisions in the NDAA may have flown under your radar

The 2020 National Defense Authorization Act always is chalk full of interesting and impactful policy changes or updates.

The thing with the 1,794-page bill is knowing where to look.

No one person can read through the roughly 8 pounds of paper without missing a few important nuggets. So with some help of some federal experts, I dug into the NDAA and found several provisions that likely flew under your radar:

Marine Corps Maj. Gen. Dennis Crall, the senior military adviser for cyber policy for the Defense Department’s chief information officer, offered simple advice at the recent AFCEA Northern Virginia luncheon: “Read the NDAA.”

Specifically, Crall wanted industry to look at the provision requiring each military service to create a principal cyber adviser — Section 905, if you are keeping score at home.

“Congress gave us very directed tasks and responsibilities for this new billet or this new role. There are also some implied tasks. The services need some time to go through this and decide how they are going to provide a level of sufficient implementation,” Crall said.

Keep reading this article at: https://federalnewsnetwork.com/reporters-notebook-jason-miller/2020/01/these-it-cyber-provisions-in-the-ndaa-may-have-flown-under-you-radar/

January 22, 2020 By cs

The 5 trends likely to shape federal contracting in 2020

Government contracting trends that defined fiscal 2019, such as increases in “as a service” and IT consolidation, are likely to continue into FY20.

But several new programs and initiatives are likely to shape the contracting landscape in FY20.

A new report from contract analysts at Bloomberg Government released Jan. 7 broke down these areas likely to mold government contracting trends in 2020:

Best-in-class: IT consolidation
Multiple Award Schedule consolidation
Government buying “as a service”
Small-Business Runway Extension Act will begin affecting contracts
Cybersecurity will become cost of doing business

Keep reading this article at: https://www.federaltimes.com/it-networks/cloud/2020/01/08/the-5-trends-likely-to-shape-federal-contracting-in-2020/

December 6, 2019 By cs

DoD’s Cybersecurity Maturity Model Certification: Are smaller companies prepared?

New requirements mean contractors will have to pay to play. What does this mean for small businesses in the defense industry?

The cybersecurity posture of the Defense Industrial Base (DIB) supply chain is only as strong as its weakest contractor. When considering the DIB supply chain includes 300,000 contractors with sensitive government data, and around 290,000 of them are not subject to strict cybersecurity requirements or oversight, something needs to change.

Leading that change is the Office of the Under Secretary of Defense for Acquisition and Sustainment – OUSD(A&S) – which has developed the Cybersecurity Maturity Model Certification (CMMC), an agile set of unified cybersecurity standards to ensure the security of government data on DIB networks.

Keep reading this article at: https://securityboulevard.com/2019/11/dods-cybersecurity-maturity-model-certification-are-smaller-companies-prepared/

November 27, 2019 By cs

New York-based company was caught allegedly selling Chinese-made hardware to the DoD

Aventura Technologies, based out of Long Island, New York, was just busted by the government after allegedly having fraudulently sold security gear to the U.S. military for years, racking up millions in federal contract money.

According to Aventura’s website, which as of November 12 is still up and running, the company claimed to be a “true single-source manufacturer providing end-to-end hardware and software solutions.”

Some of these hardware solutions included ground-based radar, turnstiles, and closed-circuit television systems, all of which the company claimed were manufactured in America. Between 2007 and 2018, Aventura reportedly supplied various branches of the U.S. military with over $20 million dollars of said equipment.

From November 2010 to the present day, it’s estimated that Aventura pulled in over $88 million in sales to both the government and the private sector.

The sting that eventually brought down Aventura was a few years in the making, including an anonymous tip in 2017, and the discovery of Chinese lettering on a body camera by Air Force personnel the following year.

Keep reading this article at: https://www.militarytimes.com/off-duty/gearscout/irons/2019/11/14/this-new-york-based-company-was-just-caught-allegedly-selling-chinese-made-hardware-to-the-dod/

November 26, 2019 By cs

DoD Releases Version 0.6 of its Cybersecurity Maturity Model Certification

The Office of the Assistant Secretary of Defense for Acquisition has released Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment.

The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial Base (DIB) and its supply chains.

The model updates Version 0.4, which DoD released on September 4, 2019, and which we wrote about here. The CMMC establishes the framework necessary for contractors to obtain one of five certification levels necessary to perform work on certain DoD contracts, including those that require the handling of Controlled Unclassified Information. Whereas Version 0.4 merely listed the capabilities, controls, and processes that were expected to apply to each certification level, this version provides some additional discussion and clarification to assist contractors with meeting Level 1 certifications.

DoD has not explicitly asked for comment on this version of the CMMC, and has stated that the updated model is being released “so that the public can review the draft model and begin to prepare for the eventual CMMC roll out.” For this reason, although additional changes are to be expected to the model, contractors should review the general requirements closely to ensure that they are positioned to continue bidding on DoD contracts once DoD begins including a requirement to obtain a specific certification level in Requests for Proposal in Fall 2020.

Keep reading this article at: https://www.insidegovernmentcontracts.com/2019/11/dod-releases-version-0-6-of-its-cybersecurity-maturity-model-certification/