NIST has issued a Request for Information (RFI) in the Federal Register to gather information about evaluating and improving cybersecurity resources for the cybersecurity framework and cybersecurity supply chain risk management.

All relevant comments must be submitted by 04/25/2022.

• Written comments in response to this RFI may be submitted by mail to Cybersecurity Framework, National Institute of Standards and Technology, 100 Bureau Drive, Stop 2000, Gaithersburg, MD 20899.
• Online submissions in electronic form may be sent to CSF-SCRM-RFI@nist.gov. 
• Cite “RFI: Evaluating and Improving Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management” in all correspondence. 

The Biden-Harris Administration released its vision for the Indo-Pacific region. Its central focus is sustained and creative collaboration with allies, partners, and institutions, within the region and beyond it.

https://www.whitehouse.gov/briefing-room/speeches-remarks/2022/02/11/fact-sheet-indo-pacific-strategy-of-the-united-states/

The rising geopolitical tensions in Eastern Europe have prompted the U.S. Department of Homeland Security’s Cyber and Infrastructure Security Agency to issue a “shields up” advisory (www.cisa.gov/shields-up). The defense industrial base is one of 16 official U.S. critical infrastructure sectors. Via a Defense Department communication received this morning, we encourage you to do three things.

1. Heed the advisory.
2. Report Cyber Incidents. DFARS 252.204-7012 stipulates a contractor’s requirement to rapidly report cyber incidents impacting Covered Defense Information (CDI) and/or the ability to perform operationally critical support within 72 hours of discovery to https://dibnet.dod.mil. For questions or more information, contact DCISE (DC3.DCISE@us.af.mil or call the 24/7 Hotline at 1-877-838-2174).
3. Get Assistance and Partner. These three organizations can assist you.
   • DoD Cyber Crime Center’s (DC3) DoD- Defense Industrial Base Collaboration Information Sharing Environment (DCISE) – www.dc3.mil; DC3.DCISE@us.af.mil; 24/7 Hotline – 1-877-838-2174
   • National Security Agency’s Cybersecurity Collaboration Center (CCC) – https://www.nsa.gov/About/Cybersecurity-Collaboration-Center
   • National Defense Information Sharing and Analysis Center (ND-ISAC) – ND-ISAC is the official ISAC for the DIB Critical Infrastructure Sector recognized by DoD and DHS. The ND-ISAC is a private sector self-organized and self-governing entity; it is a trusted partner providing exceptional technical solutions and support to its members. Please email Info@NDISAC.org to contact the team or see ND-ISAC’s public-facing website at www.ndisac.org.

© 2022 National Defense Industrial Association

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

CISA updated an alert issued for Critical Infrastructure.  DHS Critical Infrastructure includes many of our member industries, such as:

• Defense Industrial Base
• Communications and Energy
• Critical Manufacturing, which includes automobiles

Review the alert to stay up to date on best practices recommendations.

September 21-22, 2022

Join Women in Cybersecurity for WiCyS Northern Alabama live, their first face to face event. Network with cyber professionals and learn more about WiCyS. There will be Amazon gift card giveaways. Pizza and charcuterie on WiCyS! Beverages on you! There will be alcoholic and non-alcoholic options available.

Thursday, June 10, 2021, 5:00 PM – 7:00 PM at Innerspace Brewing Company 2414 Clinton Avenue West Huntsville, AL 35805

This is a FREE event. 

----> REGISTER TODAY <-----

NAC-ISSA’s May lunch will be held live on Thursday, May 20, at 11:30AM.  We will return to 655 Discovery Drive with Walton’s Southern Table catering.  For this event, our sponsor will be virtual but you can join your peers for food and networking as we hear about Arista’s Awake security solution in the 655 Discovery auditorium.  Thank you to i3 and Allen Cloar for being our host at the facility.

Awake Security is the only advanced network detection and response solution that delivers answers, not alerts.  In the demo of Awake’s AI-driven platform we will showcase the capabilities with a demonstration of the key use cases and workflows designed to help customers speed up detection, response and remediation.

Join this session to learn:

How Awake delivers correlated, autonomous threat detection and visibility with the greatest accuracy and lowest false positive rates.

How Awake’s Ava, the world’s first AI-powered security analyst, performs autonomous threat hunting for complex threats.

How Awake optimizes the detection to response workflow while providing you with the ability to customize detection and hunting through Awake’s unique Adversarial Modeling Language.

This event will be hosted both virtually and face to face.  There are two links on the calendar so you can sign up for whichever feels right for you.

Click here for the virtual link.

Click here for the face-to-face link

If you have previously registered to attend virtually but prefer to attend in person, please register again with the face-to-face link so we can get an accurate count for catering. 

NOTE:  following this event, we anticipate moving back to our regularly scheduled third Tuesday of the month if you want to mark your calendar!

Looking forward to seeing everyone at 655 Discovery Drive on May 20! 

Cyber Huntsville 

NAC-ISSA will resume in person lunches with the April Sponsor, MarsSuite. This SIEM/asset discovery/vulnerability management/risk management tool is an essential part of your security compliance management and a great addition to your CMMC suite of solutions.  Rosies will be catering.

Register here if you plan to attend in person. There is another registration for this event if you prefer to view the demo virtually.

Location: Radiance Technology, 310 Bob Heath Drive, Huntsville, AL

Start Time: 11:30AM End Time: 12:30PM

Registration Closes On: 4/20/2021

BSides Huntsville will be presented by NAC-ISSA on February 5-6, 2021. BSides Huntsville is the conference for those that work in the trenches of Cybersecurity. This is the opportunity for you to engage in fierce discussions about the next big ideas or the worst product you've ever seen, but in a friendly and informal setting.

This will be BSides's 7th year in the Rocket City and they intend to make it a great virtual event. All the BSides volunteers are working hard to put together an educational and exceptional virtual experience. Virtual meeting expands the possibility to include more training, workshops, talks, capture the flag, or moderated panels. So if you are just getting started, trying to level up or are already a mad scientist of Cyber Security looking for the next project, go ahead and grab your ticket, there is a hard limit and once they are gone there will be no more. Visit the BSides Huntsville NAC-ISSA site to register for the event.

CMMC stands for “Cybersecurity Maturity Model Certification”. The CMMC will encompass multiple maturity levels that ranges from “Basic Cybersecurity Hygiene” to “Advanced/Progressive”. The intent is to incorporate CMMC into Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for contract award. The official website can be found at https://www.acq.osd.mil/cmmc/

This past week, several Cyber Huntsville Board members were on a TEAMS call with the creator of the CMMC, Katie Arrington. She provided an overview of the Cyber Resiliency Project that included online training modules and CMMC guide.

• Training: https://projectspectrum.io/#!/pilotProgram
• CMMC Guide: https://projectspectrum.io/#!/abtcmmc

The DOD is planning to migrate to the new CMMC framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks.

Ms. Arrington is asking for input into the Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041) https://www.federalregister.gov/documents/2020/09/29/2020-21123/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of available for public comment by November 30^th.  

We encourage all Cyber Huntsville members, and the entire Tennessee Valley community, to submit comments to the CMMC/DFARS Interim Rule.