CMMC, NIST, CUI, & DFARS News and Analysis for January 2023


In this episode, Jacob and Jason discuss their takeaways from the January Cyber AB Town Hall, including several great questions submitted from the #CMMC ecosystem. They also cover some great questions submitted by podcast listeners. Jacob breaks down the upcoming agenda for #CS2 Huntsville (there may or may not be a discount code for podcast listeners). Another #CISA alert related to managed service providers popped up in January. Additionally, a handful of #DoD reports on the level of internal resourcing and funding for cybersecurity shed light on the idea that DoD will have a CMMC cloud enclave ready for everyone in the #DIB on day 1 (or at all). Finally, several very interesting reports came out regarding the larger cyber-regulatory ecosystem. It helps to look up from the details of the CMMC debate from time to time in order to see which way the winds are blowing overall.

CS2 Huntsville: https://cs2.cloud/huntsville

Episode Links:

January AB Town Hall: https://cyberab.org/News-Events/Town-Halls/Details/january-town-hall

Understanding CMMC Rulemaking: https://info.summit7.us/blog/cmmc-compliance-deadline

CMMC CAP & Comments: https://cyberab.org/CMMC-Ecosystem/Member-Area-Downloads-and-Forums

DoDI 5230.24: https://www.esd.whs.mil/portals/54/documents/dd/issuances/dodi/523024p.pdf

CUI Registry (CTI): https://www.archives.gov/cui/registry/category-detail/controlled-technical-info.html

CUI on Game Forums: https://www.pcgamer.com/more-restricted-military-intel-ends-up-on-the-war-thunder-forums/

More CUI on Game Forums: https://www.pcgamer.com/wait-again-war-thunder-fans-just-cant-help-themselves-when-it-comes-to-posting-sensitive-military-documents/

DoD IG on CUI Overmarking: https://www.stripes.com/theaters/us/2023-01-03/congress-orders-pentagon-controlled-unclassified-8639918.html

Production Machining Article: https://www.productionmachining.com/articles/a-small-cnc-machine-shops-journey-to-cmmc-

CS2 Huntsville: https://cs2.cloud/huntsville

CISA Alert on RMM Software: https://www.cisa.gov/uscert/ncas/alerts/aa23-025a

DoD IG on "SUNET": https://www.dodig.mil/reports.html/Article/2931705/project-announcement-evaluation-of-dods-secure-unclassified-network-sunet-cyber/

DoD Annual OT&E Report: https://www.dote.osd.mil/annualreport/

Minihan Memo: https://www.airandspaceforces.com/read-full-memo-from-amc-gen-mike-minihan/

CSIS Wargame Video: https://www.youtube.com/watch?v=YZ6HJEl7Q90

Compliance Statistics: https://secureframe.com/blog/compliance-statistics

World Economic Forum Cyber Outlook: https://www.weforum.org/reports/global-cybersecurity-outlook-2023

Daniel on Cloud Enclaves: https://www.youtube.com/watch?v=_Ka-AOzb54s

CSF 2.0 Concept Paper: https://csrc.nist.gov/News/2023/csf-2-0-concept-paper-released

Cyber Requirements as "Outcomes": https://www.garp.org/risk-intelligence/technology/cyber-risk-landscape-011322

Regulation Predictions: https://www.hstoday.us/featured/column-avoiding-regulatory-pitfalls-in-cyberspace/

John Ellis on DIBCAC Assessments for SMBs: https://youtu.be/NA_th4wmUuY

Jim Dempsey Lecture: https://www.youtube.com/watch?v=-ZfXB78vB10