Reports

RESOURCES

NEW: Department of Defense (DoD) Defense Industrial Base (DIB) Cybersecurity (CS) Activities

The DoD released a final rule that revises eligibility criteria for the voluntary DIB Cybersecurity Program, allowing all contractors who handle CDI (DoD CUI) to benefit from bilateral information sharing, which was previously available only to cleared contractors. The rule also removes the need for a Medium Assurance Certificate to access the DIBNet portal for cyber incident reporting: contractors can instead register for DIBNet access through the Procurement Integrated Enterprise Environment (PIEE). Link | Download

NEW: Initial Public Draft: NIST SP 800-171 Rev. 3 (Draft)

NIST has released the initial public draft of SP 800-171 Revision 3, which includes updates to the security requirements and families, updated tailoring criteria, and other enhancements. Link | Download

DoD Cybersecurity: Enhanced Attention Needed to Ensure Cyber Incidents Are Appropriately Reported and Shared

The Government Accountability Office (GAO) released a report indicating multiple areas that need improvement in the DoD Cyber Incident Reporting process.
    • Highlights: Link | Download
    • Full Report: Link | Download

DoD Inspector General Report: Audit of the Protection of Military Research Information and Technologies Developed by Department of Defense Academic and Research Contractors

The DoD Office of the Inspector General released the results of an audit of NIST 800-171 compliance among DoD research contractors and academic institutions. The audit found that the protection of CUI is not adequate and that contracting officers must increase the emphasis on compliance. Link | Download

2019 NDIA Cybersecurity Report – “Beyond Obfuscation: The Defense Industry’s Position within Federal Cybersecurity Policy”: A Report of the NDIA Policy Department (October 2019)

This 2019 report provides analysis and results from NDIA cybersecurity surveys, indicating that attacks are common, the supply chain is vulnerable, and there is widespread non-compliance throughout the DIB. Link | Download

Audit of Protection of DoD Controlled Unclassified Information on Contractor-Owned Networks and Systems DoDIG-2019-105 (July 23, 2019)

The Department of Defense Office of Inspector General (DoD OIG) released an audit report regarding the protection of Controlled Unclassified Information (CUI) on contractor networks. The audit found that DoD contractors did not consistently implement DoD-mandated system security controls for safeguarding Defense information. Link | Download
    • Brief Results: Link

Secretary of the Navy Cybersecurity Readiness Review (March 4, 2019)

The independent Cybersecurity Readiness Review, requested by the Secretary of the Navy, examined the Department of the Navy’s cybersecurity posture and identified five critical pillars key to cybersecurity readiness: culture, people, structure, processes, and resources. Link | Download

MITRE Report: Deliver Uncompromised – A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War (August 2018)

“Deliver Uncompromised” is an advisory document for the United States Government that provides insight and recommendations relating to the security of the defense industrial base, touching on a range of topics including legislation and regulation, policy and administration, acquisition and oversight, and programs and technology. The report recommends establishing security as the “4th Pillar” of defense acquisition, equal in importance to cost, performance, and schedule. Download