Register for CS2 | Boston here: https://cs2.cloud/boston

After nearly two years of silence and almost a decade of waiting the FAR CUI rule is one step closer to reality. In this episode we dive into what the FAR CUI rule is and what it means for federal contractors outside of the defense industrial base.

Podcast listeners use code SUMITUPBOSTON for a discount on CS2 registration!

Register for CS2 | Boston here: https://cs2.cloud/boston

On March 11th, the DoD issued a final rule expanding eligibility for the DIB Cybersecurity Program to non-cleared defense contractors and their managed service providers. This week we dive into the features of the rule, how it lines up with CMMC, and why the DoD final expanded the program after 12 years.

Podcast listeners use the code SUMITUPBOSTON for a discount on registration!

The DIB CS Final Rule: https://www.federalregister.gov/documents/2024/03/12/2024-04752/department-of-defense-dod-defense-industrial-base-dib-cybersecurity-cs-activities

DCISE: https://www.dc3.mil/Missions/DIB-Cybersecurity/DIB-Cybersecurity-DCISE/

The 2020 Cyberspace Solarium Commission Report: https://www.solarium.gov/report

The 2023 Cyberspace Solarium Implementation Report: https://cybersolarium.org/annual-assessment/2023-annual-report-on-implementation/

Register for CS2 | Boston here: https://cs2.cloud/boston

NIST has released their summary of public comments received on the final drafts of SP 800-171 revision 3 and SP 800-171A revision 3. Jason and Jacob dive into when to expect the final revisions and what to expect in the revised requirements.

Podcast listeners get a discount on CS2 registration, just use the code: SUMITUPBOSTON

Episode Links:

NIST CUI Project Page: https://csrc.nist.gov/projects/protecting-controlled-unclassified-information

171r3 Blog: https://www.summit7.us/blog/nist-800-171-rev3-final-draft

ORC Control Poll: https://www.linkedin.com/posts/jacob-evan-horne_supply-chain-security-pop-quiz-nist-control-activity-7168287222444576769-7iw_

Register for CS2 | Boston here: https://cs2.cloud/boston

The public comment period on the CMMC proposed rule has closed so what happens next? In this episode we wade through the red tape in store over the next 12 months.

Podcast listeners use code SUMITUPBOSTON for a discount on registration

Episode Links: CS2 Boston: https://cs2.cloud/boston

“Midnight Rulemaking”: https://www.gao.gov/products/gao-23-105510

DoD's Rule Overview: https://youtu.be/DqRf0DiVBVI?si=2kTZcX45zD5ZPsnp

We Are the World: https://youtu.be/cYfe8RYcz-w

Register for CS2 | Boston here: https://cs2.cloud/boston

It's almost Springtime and that means it's almost time for another CS2 conference. CS2 Boston will be the 13th event in the series and, as always, there's an all-star lineup covering every nook and cranny of DFARS, NIST, and CMMC.

Podcast listeners get 20% off registration with the code SUMITUPBOSTON

Episode Links:

CS2 Boston: https://cs2.cloud/boston

DoD video overview: https://youtu.be/DqRf0DiVBVI?si=rDYWHsAHr6jwPPVm

Register for CS2 | Boston here: https://cs2.cloud/boston

If you thought the publication of one major DoD cyber rule at the end of 2023 caused a lot of issues how about FIVE potential rules and two NIST revisions in 2024? This week we outline the seven rules to watch for in 2024.

Listener discount code: SUMITUPBOSTON

Episode Links:

[Webinar] The Top 10 Questions From the CMMC Rule: https://www.summit7.us/webinars/the-top-10-questions-from-the-cmmc-rule

CS2 Boston: https://cs2.cloud/boston

Midnight Rulemaking: https://www.gao.gov/products/gao-23-105510

Register for CS2 | Boston: https://cs2.cloud/boston

This week we're joined by Alex Canizares to catch up on enforcement trends under the False Claims Act. As a former DOJ trial attorney, Alex walks us through the finer details of FCA cases and what it means for CMMC, defense contractors, and the road ahead.

Episode Links:

Alex Canizares: https://www.linkedin.com/in/alexandercanizares/

Perkins Coie Blog: https://www.perkinscoie.com/en/news-insights/dod-issues-proposed-cmmc-rule-requiring-cybersecurity-assessments-of-contractors.html

Perkins Coie Blog: https://www.perkinscoie.com/en/news-insights/proposed-far-rules-introduce-new-compliance-obligations-and-false-claims-act-risks-for-government-contractors.html

Cyber Civil Fraud Initiative: https://www.justice.gov/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-new-civil-cyber-fraud-initiative

CS2 discount code for our listeners: SUMITUPBOSTON

The Supreme Court is set to upend decades of administrative law doctrine and it will have huge impacts on the cyber regulation landscape. In this episode we sit down with Jim Dempsey, a lecturer at the UC Berkeley Law School and a senior policy advisor at the Stanford Cyber Policy Center, to understand what SCOTUS is up to and what the heck is has to do with CMMC?

Episode Links:

Cyber Law Fundamentals: https://iapp.org/resources/article/cybersecurity-law-fundamentals/

Lawfare Article: https://www.lawfaremedia.org/article/a-cyber-threat-to-u.s.-drinking-water

Cyber Law Podcast: https://open.spotify.com/show/3Co2wdTUaZr4Xqnlxs4soG?si=64382c0b7b7a49c9

Tech Policy Podcast: https://open.spotify.com/episode/1klWdGIAxI7YBTljMvI412?si=ea93f23b3f9143cb

Dissed Podcast: https://open.spotify.com/episode/70GmGuWyEyKI2qNLcqlSIv?si=c69a3b6337ea4227

National Cyber Strategy: https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/

Chevon Deference: https://ballotpedia.org/Chevron_deference_(doctrine)

Auer Deference: https://ballotpedia.org/Auer_deference

With five rulemaking efforts, multiple NIST revisions, and everything else going on in the DoD cyber regulation space it's hard to keep up with what's happening. In this episode we try and predict what's coming around the corner in 2024.

Episode Links:

Register for CS2 Boston: https://cs2.cloud/boston

DoD IG Report Episode: https://youtu.be/_3GLX6ele_E?si=KKhtgbjsxiLXWVJd

Stephanie Siegmann: https://youtu.be/d1yweDy2wV4?si=naLAhZPV794TAC66

DoD IG Audit: https://www.linkedin.com/posts/jacob-evan-horne_dod-ig-dod-process-for-accrediting-c3paos-activity-7114319133088866304-uhU5

RAS Syndrome: https://en.wikipedia.org/wiki/RAS_syndrome

The DoD has released yet another strategy document that claims to have the answer for expanding the defense supply chain while also increasing cybersecurity requirements. Maybe this time it will be different? This week we dive into the National Defense Industrial Strategy to see if there is anything to learn about the DoD's position on the impacts of CMMC.

Episode Links:

Register for CS2 Boston: https://cs2.cloud/boston

NDIS: https://www.businessdefense.gov/NDIS.html

DoD Cyber Strat: https://www.defense.gov/News/Releases/Release/Article/3523199/dod-releases-2023-cyber-strategy-summary/

“The Last Supper”: https://www.washingtonpost.com/archive/business/1997/07/04/how-a-dinner-led-to-a-feeding-frenzy/13961ba2-5908-4992-8335-c3c087cdebc6/

View the full webinar, CMMC Published: A Comprehensive Overview of the Proposed CMMC Rule On-Demand here: https://www.summit7.us/webinars/proposed-cmmc-rule