In this episode Jacob and Jason discuss their takeaways from the Cyber AB Town Hall, CS2 Huntsville, and other interesting topics from March 2023 including recent #DoD testimony before Congress, #DIBCAC perspectives on Multifactor Authentication and #FIPS validated encryption, and other exciting topics. This month we were joined by our first ever podcast guest: DefCERT founder and CEO Ryan Bonner helps tackle a few complicated #CUI questions submitted during the Town Hall.

Episode Links:

DefCERT: https://defcert.com/

Ryan Bonner: https://www.linkedin.com/in/rybonner/

March AB Town Hall: https://cyberab.org/News-Events/Town-Halls/Details/march-2023-town-hall

Upcoming Natty Stratty Implementation Plan: https://federalnewsnetwork.com/cybersecurity/2023/03/white-house-aims-to-issue-cyber-strategy-implementation-plan-by-june/

DoDI 5230.24 (PDF): https://www.esd.whs.mil/portals/54/documents/dd/issuances/dodi/523024p.pdf

CUI Registry CTI: https://www.archives.gov/cui/registry/category-detail/controlled-technical-info.html

DFARS 252.204-7012: https://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm#252.204-7012

DFARS Rights in Technical Data: https://www.acq.osd.mil/dpap/dars/dfars/html/current/227_71.htm

CMMC Scoping Guide: https://dodcio.defense.gov/CMMC/Documentation/

DI MGMT 82247: https://www.acq.osd.mil/asda/dpc/cp/cyber/docs/safeguarding/Assess-Compliance-and-Enhance-Protection-of-Contractor-System-with-Attachments-11-6-2018.pdf

CMMC Rulemaking Overview: https://youtu.be/in69ORYRx4Y

32 CFR: https://www.ecfr.gov/current/title-32

48 CFR: https://www.ecfr.gov/current/title-48

Draft CAP (PDF): https://cyberab.org/Portals/0/Documents/Process-Documents/CMMC-Assessment-Process-CAP-v1.0.pdf GAO Report: https://www.gao.gov/products/gao-23-105510

CMMC Scaling vs DIBCAC: https://www.federalregister.gov/d/2020-21123/p-49

CMMC Assessment Guide: https://dodcio.defense.gov/CMMC/Documentation/

NIST SP 800-171A: https://www.nist.gov/news-events/news/2018/06/nist-publishing-special-publication-sp-800-171a-assessing-security

SPRS Rule: https://www.federalregister.gov/documents/2023/03/22/2023-05671/defense-federal-acquisition-regulation-supplement-use-of-supplier-performance-risk-system-sprs

Bob Metzger's Take on SPRS Rule: https://www.linkedin.com/posts/robertmetzger_sprs-evaluation-criteria-manual-activity-7046888772768067584-7bHW

Jacob's CS2 Session: https://youtu.be/hipUN_4rfOs

Stacy's CS2 Session: https://youtu.be/ZvBvzZkwmZg

DoD Testimony 1: https://www.armed-services.senate.gov/hearings/to-receive-testimony-on-enterprise-cybersecurity-to-protect-the-department-of-defense-information-networks

DoD Testimony 2: https://armedservices.house.gov/hearings/cyber-information-technologies-and-innovation-subcommittee-hearing-defense-digital-era

Amira Armond: https://www.linkedin.com/in/amira-armond-25a77a141/