The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for cybersecurity

By

Researchers: Flaws in vendor security software could leave some federal buildings vulnerable

Researchers at cybersecurity firm Tenable have discovered a number of previously unknown vulnerabilities in the access control systems of an ID card manufacturer and service provider used by federal agencies, including the Executive Office of the President.

Tenable researchers announced Monday they had found several weaknesses in the control system used by IDenticard, called PremiSys, which if exploited could allow an unauthorized person to gain access to secure buildings and disable locks, as well as exfiltrate user data or otherwise modify accounts using administrator privileges.

According to a blog posted Monday, the PremiSys system uses hardcoded usernames and passwords for administrator credentials that cannot be changed by the customers. The system also uses default usernames and passwords for database access, which the users can only change by sending preferred passwords to IDenticard, an additional step that some might not take, opting instead to leave the default credentials in place.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2019/01/researchers-flaws-vendor-security-software-could-leave-some-federal-buildings-vulnerable/154231/

By

Due to shutdown, Cybersecurity Reskilling Academy applications remain open

Federal employees looking to learn cybersecurity skills now have more time to apply for a White House-backed education program.

The application deadline for the charter class of the Federal Cybersecurity Reskilling Academy was supposed to be Friday, but due to the ongoing partial government shutdown, that deadline has been indefinitely postponed.

Federal CIO Suzette Kent tweeted Thursday that the application process for the academy remained open while the shutdown is ongoing.

What’s unclear at this point is how long the application period will be extended and how the shutdown will affect the timeline for assessing and forming the academy’s first cohort. FedScoop reached out to OMB for comment.

Keep reading this article at: https://www.fedscoop.com/despite-shutdown-kent-says-reskilling-academy-applications-remain-open/

By

Marine cyber command is getting in on other transaction contracting

The Marine Corps cyber arm is about ready to sign its first contract using the lightly regulated Other Transaction Authority given to select agencies to spur research, development and acquisition of bleeding-edge technologies without having to abide by the Federal Acquisition Regulation.

Marine Corps Forces Cyberspace Command, or MARFORCYBER, officials expect to sign their first OT contract on or before Dec. 17, Command Executive Director Gregg Kendrick told Nextgov. Kendrick said MARFORCYBER, in conjunction with Marine Corps Systems Command, has been working on the contract since May, though the hard work began in earnest in July.

The project will focus on cybersecurity and big data, including how to protect the Marines’ troves of data, as well as how to use that data to better protect the rest of the enterprise.

Keep reading this article at: https://www.nextgov.com/it-modernization/2018/12/marine-cyber-command-getting-other-transaction-contracting/153339/

By

Contractors face new data breach disclosure and investigation requirements

The government’s lead contracting agency plans to formalize how and when contractors are required to disclose data breaches and to mandate better government visibility into how serious those breaches are.

The proposed rule will mandate that the General Services Administration (GSA) and the agency that’s being served by the contract have access to breached contractor systems, according to a regulatory roadmap set to be published in the Nov. 16th edition of the Federal Register.

Contractors will also be required to preserve images of the affected systems for the government to review, the roadmap states.

The proposed rule is scheduled to be published in February with a comment period that closes in April.

Contractors have frequently been a weak point for federal cybersecurity efforts.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2018/11/government-contractors-face-new-data-breach-disclosure-and-investigation-requirements/152864/

By

Supply chain task force looks to keep ‘lemons’ out of the federal IT ecosystem

The Department of Homeland Security announced the roll out of its supply chain security task force on Information and Communications Technology.

At a Nov. 1 meeting of the Information Security and Privacy Advisory Board, a DHS official provided more details on the group’s composition and mission.

The task force will consist of approximately 60 members — drawn equally from the federal government, the tech sector and the communications sector, according to Emile Monette, a cybersecurity strategist at DHS and co-chair. Monette told FCW after the meeting that “most” of the group’s membership has been solidified, but that DHS is planning to provide more specifics in the next few weeks.

An executive committee, roughly half the full task force’s size, will meet in mid-November to begin laying out priorities and setting up work streams, such as tweaking to Federal Acquisition Regulation rules requiring the government to purchase certain IT and communications products from the original manufacturer or authorized resellers.

Keep reading this article at: https://fcw.com/articles/2018/11/01/supply-chain-dhs-lemons.aspx 

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter