Monday, June 29, 2020


I lecture about maturity models a lot. I’d like to produce mature IT managers. Government likes to produce its own ‘Catch 22.’
Achieving CMMC Compliance: Navigating Unchartered Waters
Does your organization do business with the Department of Defense (DoD) and process, store, or transmit Controlled Unclassified Information (CUI)? If so, you probably rushed to create documentation to self-attest NIST SP 800-171 compliance when DoD issued the Defense Federal Acquisitions Regulations System (DFARS) 252.204-7012 back in 2017 to protect CUI confidentiality.
Things are different now, with the introduction of the Cybersecurity Maturity Model Certification (CMMC) in January 2020 (cue warning music). This new program just changed the calculus for about 350,000 businesses that deal with the DoD in every aspect—from supply chain to cybersecurity. Although the CMMC security requirements are not that different from 800-171 (in fact, all 110 requirements are included in CMMC Level 3, verbatim), CMMC introduces a few new things, including the need for a pre-award validation of CMMC compliance using an accredited independent auditor. Uh-oh! You are also required to show you are compliant with DFARS clause 252.204-7012, which includes implementing additional requirements related to incident reporting and forensics, commonly referred to as clauses (C)–(G).
That, of course, creates a whole new set of challenges for businesses that will have to comply by October 2020, according to DoD’s current projections.
As of this date, the CMMC Accreditation Board (AB) has not announced accreditation guidelines for how to become one of those auditors—called a C3PAO—so no such auditors exist.




Recourse.
From the Reference Desk: Cyber Operations and International Law
FCIL Special Interest Section of AALL – Jonathan Pratter – “A student had a question: If State A doxes State B for hacking State C, what would be the result under international law? The student was in the law school class, International Law of Cyber Conflict. My immediate response was, “That is a good question. Let me get back to you.” Every reference librarian needs a fall-back response like this. We can’t know everything immediately. The question was substantive, but since the student was asking a librarian, I understood that she wanted to know what resources there are that would help answer the question…”




Gartner talks to CIO’s and other IT leaders. This is interesting!
100 Data and Analytics Predictions Through 2024
The digital business future provides organizations with nearly unlimited possibilities to create business value. Increasingly, data and analytics have become a primary driver of business strategy, and the potential for data-driven business strategies and information products is greater than ever. It is a part of everything that organizations do. Yet, for many, the ability to “think in data” is still difficult.
Gartner’s annual predictions disclose the varied importance of data and analytics across an ever-widening range of business and IT initiatives.
Complete the form to get your free copy.




A tool for “WHEN.” Also some forensic applications?
Microsoft’s New ‘Windows File Recovery’ Tool Restores Deleted Data
How To Recover Deleted Data With The New Microsoft Windows 10 File Recovery Tool: “Anyone who has accidentally deleted a file knows the panic that comes with the mistake. Sometimes you can find the files in the recycle bin and restore them, but other times the files are just plain gone. Anyone familiar with how Windows and other operating systems work might know that files aren’t actually deleted, they’re marked to allow other data to overwrite them in the future. That means with the right recovery software, there is a chance to recover “deleted” files like images or documents. To that end, Microsoft has quietly launched a new tool specifically to help with this task. The new tool is called Windows File Recovery and it’s free…the tool can be found here, and the app is available to download here …”




Evidence” Washington is infected?



No comments: