
Sign up to save your podcasts
Or
Topic: Title: Data Governance and Threat Intelligence Converge
In Episode 83 of TheCyber5, we are joined by our guest, Egnyte’s Chief Governance Officer, Jeff Sizemore.
We discuss the Cybersecurity Maturity Model Certification (CMMC) and the impact on Department of Defense (DOD) contractors to mature their cybersecurity hygiene in order to compete for US government contracts. CMMC was based on NIST Standards 800-71.
Here are 4 topics we discuss in this episode:
In the near future, contracts are going to be rated L1-3 and if contractors are not certified up to a certain level, they cannot bid on the contract. This is more focused on the smaller defense contractors who up to now, have generally disregarded compliance measures yet are major targets for nation state cyber attacks.
Compliance for DOD contractors is not new and companies were previously allowed to self-attest. When DOD regulatory bodies did the research, 75% of companies were found to be not in compliance. For enforcement, the Department of Justice is now involved and if contractors lie, it’s considered perjury.
Threat intelligence is in an evolutionary stage for larger contractors to monitor their subcontractors to determine if they have vulnerabilities and/or if they have been breached. Third party risk score cards are generally not actionable for defense contractors because the vulnerabilities are not put into context to a business risk. The key is to bring together a threat intelligence picture that can alert on actionable data leaks.
5
2323 ratings
Topic: Title: Data Governance and Threat Intelligence Converge
In Episode 83 of TheCyber5, we are joined by our guest, Egnyte’s Chief Governance Officer, Jeff Sizemore.
We discuss the Cybersecurity Maturity Model Certification (CMMC) and the impact on Department of Defense (DOD) contractors to mature their cybersecurity hygiene in order to compete for US government contracts. CMMC was based on NIST Standards 800-71.
Here are 4 topics we discuss in this episode:
In the near future, contracts are going to be rated L1-3 and if contractors are not certified up to a certain level, they cannot bid on the contract. This is more focused on the smaller defense contractors who up to now, have generally disregarded compliance measures yet are major targets for nation state cyber attacks.
Compliance for DOD contractors is not new and companies were previously allowed to self-attest. When DOD regulatory bodies did the research, 75% of companies were found to be not in compliance. For enforcement, the Department of Justice is now involved and if contractors lie, it’s considered perjury.
Threat intelligence is in an evolutionary stage for larger contractors to monitor their subcontractors to determine if they have vulnerabilities and/or if they have been breached. Third party risk score cards are generally not actionable for defense contractors because the vulnerabilities are not put into context to a business risk. The key is to bring together a threat intelligence picture that can alert on actionable data leaks.