Welcome to the WPI Cyber Newsletter, a monthly publication from the Wisconsin Procurement Institute (WPI), Wisconsin's Apex Accelerator.
If your organization needs assistance meeting Federal or Department of Defense cyber security requirements, contact Marc Violante, Director of Federal Market Strategies at marcv@wispro.org, or Matt Frost, Government Contract Specialist at mattf@wispro.org.
Welcome back Katie Arrington!
Katie Arrington was part of the DoD team responsible for the development and rollout of CMMC 1.0. She has been both an ardent supporter and champion of the program. She left DoD to pursue personal goals but continued to support and contribute her ideas and wisdom to CMMC-related issues.
Now she is formally back on DoD’s CMMC Team as Deputy CIO (DCIO) for Cybersecurity (CS) within the Department of Defense (DoD). It is likely that she will bring renewed energy, enthusiasm, and awareness of this critical program. Her rejoining the team couldn’t be better timed. CMMC is in the last phase of its rulemaking process. It is expected that CMMC will be active by early summer. As the program is formally activated and rolled out, it is more important than ever for businesses that are interested in being part of the Defense Industrial Base (DIB) to implement required cybersecurity measures.
Katie Arrington will bring renewed energy and awareness of the program to all who are interested and involved.
For companies that would like to learn more about CMMC requirements or that would like technical assistance in implementing the required measures, please contact WPI at 414-270-3600.
DoD Issues new Guidance on CMMC Level Requirements
CMMC update: CMMC is getting closer to full implementation.
Late last year, the Title 32 Rule, which implements and authorizes CMMC as a program, was published. Currently, the Title 48 Rule, which addresses how CMMC will be implemented in contracts, is in its last phase of the regulatory process.
Full implementation of NIST 800-171 r2 requirements is the goal. For now, companies need to have a System Security Plan (SSP), conduct the DoD self-assessment, and upload their score to SPRS.
Currently, there is no minimum required SPRS score. DoD’s expectation is that companies will continue to clear their Plan of Actions (POA), as cybersecurity continues to be a critical need and attacks not only continue but grow in sophistication.
Many of the requirements are well within the capabilities of the average company. Ignoring the issue is not a solution. Ignoring the requirements will limit your eligibility for awards as a DoD prime, as a DoD subcontractor and possibly as a Federal Prime.
WPI has resources and can provide technical assistance to support your efforts and help you develop your approach to implementing these cybersecurity requirements.
To get started, call WPI at 414-270-3600.
See the following URL to review this memo: https://dodprocurementtoolbox.com/uploads/DOPSR_Cleared_OSD_Memo_CMMC_Implementation_Policy_d26075de0f.pdf
Password managers under increasing threat as infostealers triple and adapt
The main types of password stores include Keychain (for macOS and iOS), built-in password managers in browsers such as Chrome and Firefox, Windows Credential Manager, and dedicated password managers such as LastPass, 1Password, and Bitwarden. The category also includes cloud secrets management stores, like AWS Secrets Manager and Azure Key Vault, and caches and memory of third-party software.
Users should review the following article to identify strengths, weaknesses and threats associated with these tools.
https://www.csoonline.com/article/3825453/password-managers-under-increasing-threat-as-infostealers-triple-and-adapt.html
Small Business Scam Alert: "United States Business Regulations Department" Letters
“some business owners have received letters, ostensibly from a U.S. Government agency called the “United States Business Regulations Department,” notifying them of a registration requirement and potential financial penalties. Upon investigation, it has been confirmed that these communications are not from any legitimate government entity but rather from scammers attempting to defraud unsuspecting small business owners.”
To safeguard your business from falling victim to such scams, DoD recommends the following steps for verifying the legitimacy of any government-related communication:
Please review the following article and take appropriate steps / action:
https://business.defense.gov/Resources/Scam-Alerts/
Nations Open 'Data Embassies' to Protect Critical Info
“Just as an embassy is a nation's territory on foreign soil, a data embassy holds data that is subject to the owner's — not the host nation's — laws. The goal of the data-embassy movement is to provide redundancy for critical data that might otherwise be lost in a cyberattack, natural disaster, or other catastrophe, explains Kelly Ahuja, CEO of Versa Networks, a network security firm.”
"Data embassies are an interesting approach, designed to protect critical sovereign data from external cyber and physical threats," he says, adding that such an arrangement also requires a secure way to manage the data.
https://www.darkreading.com/cyber-risk/nations-data-embassies-protect-critical-info
Specially Designated Nationals List
Office of Foreign Assets Control - Cyber-related Designations
As part of its enforcement efforts, OFAC publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific.
Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked, and U.S. persons are generally prohibited from dealing with them. Read more information on Treasury's Sanctions Programs.
https://ofac.treasury.gov/recent-actions/20250211
CISOs’ top 12 cybersecurity priorities for 2025
How do your priorities compare? Have you established priorities for the year? CMMC is quickly approaching, and implementing the requirements is not an overnight exercise. Implementation of NIST 800-171 r2 requires a company to recognize the importance of these requirements and to invest in its cybersecurity.
Establishing a strategic plan of priorities and actions to implement and maintain the required level of security may be beneficial.
Need to get started? Give WPI a call – 414-270-3600
https://www.csoonline.com/article/3809187/cisos-top-12-cybersecurity-priorities-for-2025.html
A growth signal for the software industry?
Federal government technology officials are predicting a renaissance in software development innovation over the next four years with gains driven by the use of AI-assisted development, open source software, and cloud-native development. That’s one of the top-line findings from new research published today by MeriTalk and ICF – “Federal Software Reimagined: Fueling Mission Success with Open Source, AI, and Cloud.” The report surveys 100 Federal government civilian agency IT decision-makers, and finds that the crucial roles of AI, open source, and cloud-native drivers in software innovation received nearly unanimous endorsement from the Federal officials surveyed in the research report. On top of that, 71 percent envision that the Trump administration will be instrumental in ushering in a new era of innovation for software development. Notably, the Department of Government Efficiency (DOGE) created by President Trump has the stated mission of “modernizing Federal technology and software to maximize governmental efficiency and productivity.” And those findings just scratch the surface of the results from the “Federal Software Reimagined: Fueling Mission Success with Open Source, AI, and Cloud” report. The new report is available for download today.
New Sessions Added
Presented by the National Contract Management Association (NCMA) Wisconsin Chapter, this webinar series covers a range of topics from market entry, sales growth, small business certifications, compliance, and more. Attendees receive 1 CPE credit for attending.
- February 26 – Understanding the US SBA and DOD Mentor Protégé Programs (MPP)
- March 5 – Marketing Materials for 1:1 Buyer Mtgs: Capabilities Statements & other Collateral
- March 19 – Acquisition Hour: Navigating AI: Practical Tips for Federal Contractors
- April 15 – Government Property Management for Federal Contractors and Subcontractors
Registration now available at
https://www.wispro.org/wpi-events/featured-webinars/acquisition-hour/
Be sure to follow WPI on social media (Facebook, LinkedIn, X) for regular updates on events, news and opportunities.
WPI 10437 Innovation Dr. Suite 320, Milwaukee, WI 53226 414-270-3600