Ernie Hayden

Zoom for Government has received authorization from the Defense Information Systems Agency (DISA) for Department of Defense (DoD) IL4 NIPRNet and internet-facing communications 👉 https://zm.me/41P0yPq This continues our previous DISA authority and Air Force Authority to Operate but now adds IL4 collaboration directly behind the DoD Boundary Connection Access Point or BCAP. This authorization reflects DISA’s rigorous review and reinforces their trust in Zoom for Government as a secure and robust platform for DoD and its mission partners.

994

46 Comments

Frontdoor is compiling a resource on the new tools to find customers in DoD Partial list below -- who else are we missing? - Pryzm by Nick LaRovere, Matt Hawkins and David Istrati - Obviant by Brendan Karp - Usul (YC S24) by Jarren Reid and Oliver Gomez - Sweetspot (YC S23) by Sachin S. and Philip Kung - Demand Signal by Catherine Edmonson - Deltek GovWin - GovSignals - CLEATUS AI Got use cases / success stories? Get in touch!

54

5 Comments

Coalfire Federal is proud to announce that we are officially authorized by the The Cyber AB to begin conducting #CMMC assessments as a Certified Third-Party Assessment Organization (#C3PAO)! These requirements will start rolling out in new Department of Defense contracts later this year and we are getting lots of questions on what this means now that assessments are official. We are honored to be among the first to receive this approval on the very first day assessments were authorized. We are the largest provider of independent cybersecurity assessments including #FedRAMP, #HITRUST, #ISO, #PCI, #SOC, and more than 100 other global certifications and frameworks such as #DORA, #C5, #TISAX, #HDS, #IRAP. (Yeah, its getting kind of crazy with the number of regulations out there, and we are here to make it easier for you.) Don't know where to start? We are happy to talk through different approaches, from mock-audits to penetration testing to see where you stand. Thanks to William Malone and Amy Williams PhD CISSP, CMMC-CCA, PA, PI in leading the way! #Cybersecurity #CoalfireFederal #C3PAO

193

11 Comments

The problem is decades ago it was established that secure parts do not make for secure system. Peter Neumann's 2004 report is one good source for that, https://lnkd.in/gGPeqyx7. But systems thinkers would realize that without reading Neumann - security is an emergent property. Bottom line is that judging some component such as software as secure can only be done in context of use. Just another way compliance is not secure. Compliance (at least as practiced) does not account for the individual contexts. https://lnkd.in/g-5BBfwR

27

8 Comments

🚨 BIG NEWS in CMMC and NIST Compliance 🚨 The DoD just dropped a memo titled: “Department of Defense Organization-Defined Parameters for NIST SP 800-171 Rev. 3.” 👉 Read it here https://lnkd.in/eRCEndpm Why is this a big deal? Yes, CMMC currently maps to NIST SP 800-171 Rev. 2, not Rev. 3—but this memo is a signal of what’s coming. Within 2–3 years, CMMC will almost certainly shift to Rev. 3, and this memo tells us exactly what the DoD expects when it does. As someone who consults on and assesses dozens of CMMC environments a year, I hear these questions constantly: “How often do I need to review access logs?” “What’s the DoD’s minimum requirement for [X]?” Until now, the answer has been vague: “It depends on your risk tolerance… but at least annually.” Not exactly helpful. That changes today. This memo gives clear DoD-defined Organization-Defined Parameters (ODPs)—like timeframes, frequency, and thresholds—that you can (and should) start aligning with now, even if you’re still working under Rev. 2. Why wait? 🔹 The requirements in Rev. 2 and Rev. 3 largely overlap. 🔹 Aligning with these ODPs now means fewer surprises during future assessments. 🔹 You’ll be future-proofing your program for a smoother Rev. 3 transition down the road. My advice to all CMMC stakeholders: ✅ Start implementing these DoD-defined parameters now. It’s a smart move that shows maturity and preparedness—and it’ll pay off later. Let me know if you want to walk through what this means for your environment. #CMMC #NIST800171 #Rev3 #CybersecurityCompliance #DoD #DefenseContractors #ODP #FutureProof #CUI #CISSP #CyberSecurity

34

In an era characterized by escalating cybersecurity threats, rapidly evolving technological landscapes, and heightened regulatory demands, organizations face significant pressure to modernize their Governance, Risk, and Compliance (GRC) practices. The federal government is also pivoting toward automation, with Policy-as-Code (PaC) becoming a foundational element in modern cybersecurity governance and compliance. A critical driver accelerating this urgency is a recent executive order that explicitly underscores robust cybersecurity frameworks, continuous monitoring, and adaptive compliance strategies. In response, organizations must move toward adopting innovative solutions such as Policy-as-Code methodologies.

88

9 Comments