Last Month in Cyber – Issue 30

We keep an eye on what’s happening in the cybersecurity world so you don’t have to. Here’s a recap of what we considered the highlights from last month.

The DoD hopes to begin implementing its Cybersecurity Maturity Model Certification (CMMC) program requirements in contracts in May 2023, contingent upon an interim rule from the federal rulemaking process for the Code of Federal Regulations (CFR) and the Defense Federal Acquisition Regulation Supplement.
The first real test of CMMC version 2.0 should come in the form of tabletop exercises in mid-to-late June or early July. Stacy Bostjanick, the chief of implementation and policy in the Office of the DoD Chief Information Officer, said that they want to run exercises where they actually fabricate a program and make sure they’re looking for the right information.
A global survey of 1,000 cybersecurity professionals conducted by cybersecurity firm Trellix found that 30% are planning to change professions in two or more years. The report also included interesting metrics on job satisfaction and diversity in the workforce.
A flaw initially described as a non-security issue in April is now being exploited enough for Microsoft to recommend mitigation measures. The flaw exists in the Microsoft Support Diagnostic Tool (MSDT) and allows for remote code execution from Office documents even when macros are disabled.
On May 12, 2021, President Biden issued Executive Order 14028 on “Improving the Nation’s Cybersecurity.” This EO requires the Government to purchase only software that is developed securely, and directs NIST to “issue guidance identifying practices that enhance the security of the software supply chain.”
