In this episode Jacob and Jason discuss their takeaways from the January Cyber AB Town Hall including several great questions submitted from the #CMMC ecosystem. They also cover some great questions submitted by podcast listeners. Jacob breaks down the upcoming agenda for #CS2 Huntsville (there may or may not be a discount code for podcast listeners). Another #CISA alert related to managed service providers popped up in January. Additionally, a handful of #DoD reports on the level of internal resourcing and funding for cybersecurity shed light on the idea that DoD will have a CMMC cloud enclave ready for everyone in the #DIB on day 1 (or at all). Finally, several very interesting reports came out regarding the larger cyber-regulatory ecosystem. It helps to look up from the details of the CMMC debate from time to time in order to see which way the winds are blowing overall.

CS2 Huntsville: https://cs2.cloud/huntsville

Episode Links:

January AB Town Hall: https://cyberab.org/News-Events/Town-Halls/Details/january-town-hall Understanding CMMC

Rulemaking: https://info.summit7.us/blog/cmmc-compliance-deadline CMMC CAP & Comments: https://cyberab.org/CMMC-

Ecosystem/Member-Area-Downloads-and-Forums DoDI 5230.24: https://www.esd.whs.mil/portals/54/documents/dd/issuances/dodi/523024p.pdf

CUI Registry (CTI): https://www.archives.gov/cui/registry/category-detail/controlled-technical-info.html

CUI on Game Forums: https://www.pcgamer.com/more-restricted-military-intel-ends-up-on-the-war-thunder-forums/ More CUI on Game Forums: https://www.pcgamer.com/wait-again-war-thunder-fans-just-cant-help-themselves-when-it-comes-to-posting-sensitive-military-documents/

DoD IG on CUI Overmarking: https://www.stripes.com/theaters/us/2023-01-03/congress-orders-pentagon-controlled-unclassified-8639918.html

Production Machining Article: https://www.productionmachining.com/articles/a-small-cnc-machine-shops-journey-to-cmmc- CS2 Huntsville: https://cs2.cloud/huntsville

CISA Alert on RMM Software: https://www.cisa.gov/uscert/ncas/alerts/aa23-025a DoD IG on "SUNET": https://www.dodig.mil/reports.html/Article/2931705/project-announcement-evaluation-of-dods-secure-unclassified-network-sunet-cyber/

DoD Annual OT&E Report: https://www.dote.osd.mil/annualreport/

Minihan Memo: https://www.airandspaceforces.com/read-full-memo-from-amc-gen-mike-minihan/

CSIS Wargame Video: https://www.youtube.com/watch?v=YZ6HJEl7Q90

Compliance Statistics: https://secureframe.com/blog/compliance-statistics

World Economic Forum Cyber Outlook: https://www.weforum.org/reports/global-cybersecurity-outlook-2023

Daniel on Cloud Enclaves: https://www.youtube.com/watch?v=_Ka-AOzb54s

CSF 2.0 Concept Paper: https://csrc.nist.gov/News/2023/csf-2-0-concept-paper-released

Cyber Requirements as "Outcomes": https://www.garp.org/risk-intelligence/technology/cyber-risk-landscape-011322

Regulation Predictions: https://www.hstoday.us/featured/column-avoiding-regulatory-pitfalls-in-cyberspace/

John Ellis on DIBCAC Assessments for SMBs: https://youtu.be/NA_th4wmUuY

Jim Dempsey Lecture: https://www.youtube.com/watch?v=-ZfXB78vB10