Ready or Not CMMC is Here

Cybersecurity Maturity Model Certification (CMMC) sets security standards for contractors working with the Department of Defense (DoD) to ensure the data they interact with is protected. The standards have been in place since the introduction of the Defense Federal Acquisition Regulation (DFARS) in 2015, and now, 10 years later, a more formalized compliance process is being implemented.

Starting October 1, 2025, the CMMC clause will start to be used in DoD contracts. This clause requires contractors to align their security practices with the CMMC level required by the contract. While contractors have been required to meet rigorous security standards for some time, whether they did was determined primarily through self-attestation. This roll-out introduces the need for third-party validation of compliance claims, ensuring the security of the defense supply chain.

Evolving Disaster Response in Our Communities

The Achieving Efficiency Through State and Local Preparedness Executive Order (EO) aims to streamline the coordination between federal, state, and local emergency preparedness and response efforts. The requirements in the EO push more responsibility to state and local agencies for investing in revised preparedness and response plans regarding cyberattacks, wildfires, hurricanes, and other disasters. This guidance supports the idea that "preparedness is most effectively owned and managed at the state, local, and even individual levels, supported by a competent, accessible, and efficient federal government."

Bolstering emergency preparedness has been a critical focus of states and localities even before the EO. As weather-related events grow in frequency and intensity, communities across the nation have been working to mitigate the impact of disasters before, during, and after events.

The State of Cybersecurity in the States

State and local agencies are some of the most attractive and vulnerable targets for cyber criminals. In 2023, malware attacks increased by 148%, and ransomware incidents increased by 51%. These agencies are targeted because they hold valuable personal data on citizens and control critical services, yet their security efforts have historically been underfunded and under-resourced. However, the tide may be changing.

A report on the ransomware experiences of state and local government in 2024 showed a dramatic decrease in the number of those organizations that were impacted this year. The report found ransomware attacks impacting 34% of state and local governments, marking a sharp decrease from the 69% affected in 2023. Let's take a look at some of the trends and activities that are fueling the improvement in state and local cybersecurity.

Zero Trust Passes Key Milestone

In January 2022, the Zero Trust Federal Strategy set a deadline of September 30, 2024, for agencies to adopt some level of zero trust architecture. Based on early indications, agencies have largely met zero-trust goals. The Federal CIO reported in early September that the 24 CFO Act agencies were all over 90% of the way to meeting the zero-trust goals. Beyond that group, the federal government as a whole was at 87% goal completion.

What's Changed?

The shift to zero trust is a response to the way government and citizens are using technology. With the increased use of cloud-based solutions, the traditional "castle and moat" security that protected on-premises infrastructure no longer supports the way applications are being deployed. Zero Trust focuses on continually verifying that users have permission to access the data and systems they are using. Gaining access requires coordination among a number of technologies that all work with a common set of user identification and access policies.

Closing the Government Workforce Gap with Innovation in Hiring and Training

Younger workers are not replacing the aging and rapidly retiring federal government workforce at an equal rate. Additionally, the work of government has changed, requiring specialized skills in cybersecurity and Artificial Intelligence (AI) not just in technology jobs but in careers across all departments. There are simply not enough candidates to fill these positions (40,000 in cybersecurity alone) utilizing standard hiring practices. Given this reality, hiring officials are getting innovative in how they fill technical roles.

Utilizing Existing Programs

The Biden administration has worked to modernize internships, apprenticeships, and fellowships to attract younger, less experienced workers to build their resumes within government. The pay for participants in these programs has been raised considerably, making them more attractive and practical to a wider base of people. An apprenticeship sprint for cybersecurity resulted in 7,000 apprentices being hired. These programs are also being used to fast-track development efforts, giving participants real assignments to develop solutions that can be put into use in government today.