Netizen: Monday Security Brief (10/14/2024)

Today’s Topics:

  • DoD Finalizes CMMC 2.0 Rule: What Contractors Need to Know for 2025 Compliance
  • 77,000 Customers Impacted in Fidelity Investments Data Breach
  • How can Netizen help?

DoD Finalizes CMMC 2.0 Rule: What Contractors Need to Know for 2025 Compliance

The Department of Defense (DoD) has taken a significant step toward rolling out its updated Cybersecurity Maturity Model Certification (CMMC) 2.0 by releasing the final rule. The rule is now available for public review on the Federal Register, with the official publication expected on October 15. This move sets the stage for full implementation of CMMC 2.0 by mid-2025, according to the DoD’s recent announcement.

CMMC 2.0 is designed to help safeguard sensitive government information—like controlled unclassified information (CUI) or federal contract information (FCI)—on contractor systems. The model introduces tiered levels of cybersecurity compliance based on the nature of the data a contractor handles. The goal is to protect DoD data from being exploited by adversaries while streamlining the process, especially for smaller contractors. CMMC 2.0 reduces the compliance levels from five to three to make it easier for companies to meet these new standards.

This effort is the culmination of several years of work. It began during the previous administration when the initial framework was developed. In December 2023, the DoD kickstarted the federal rulemaking process for CMMC 2.0 by publishing a proposed rule. This was followed in August 2024 by another proposal to update the Defense Federal Acquisition Regulation Supplement (DFARS), which will make cybersecurity a key factor in future Pentagon contracts.

The plan is for these DFARS updates to be finalized and implemented by mid-2025. At that point, CMMC compliance will be a requirement in DoD contracts. Contractors that handle CUI or FCI must meet the appropriate cybersecurity level to secure contract awards.

For companies dealing with less sensitive data, the DoD has built in flexibility, allowing them to conduct self-assessments of their cybersecurity practices. However, those handling more critical information will be required to undergo third-party assessments or assessments led by the Defense Industrial Base Cybersecurity Assessment Center to verify their compliance.

The CMMC initiative hasn’t been without criticism. Many in the defense industry, particularly small businesses, have expressed concerns over the cost and complexity of meeting these new requirements. In response, the DoD has committed to providing resources to help contractors navigate the process.

One important feature of CMMC 2.0 is the introduction of “Plans of Action and Milestones” (POA&Ms). This allows contractors who haven’t yet met all the required cybersecurity standards to receive a provisional certification for 180 days, giving them time to reach full compliance without losing out on contract opportunities.

The DoD recognizes that meeting these new cybersecurity requirements will take time and effort, but it’s urging businesses in the defense sector to begin assessing their current security practices and start preparing for the upcoming CMMC assessments.


77,000 Customers Impacted in Fidelity Investments Data Breach

Fidelity Investments is alerting tens of thousands of individuals that their personal information was compromised in a recent data breach. The financial services company reported that unauthorized activity occurred between August 17 and 19, leading to the exposure of sensitive customer information.

According to reports filed with attorneys general in various states, the attacker created two fraudulent customer accounts. These accounts were then used to access and retrieve images of documents containing personal details from an internal Fidelity database. The breach was identified and contained on August 19, after which Fidelity acted quickly to shut down the unauthorized access.

While Fidelity has indicated that the breach impacted only a “small subset” of customers, it reported to Maine’s Attorney General that over 77,000 individuals were affected. Compromised information includes names, Social Security numbers, financial account details, and driver’s license data. However, the company assured that no customer accounts or funds were jeopardized.

In response, Fidelity is offering those impacted two years of free credit monitoring and identity restoration services. This breach marks the second significant security incident the company has disclosed in 2024. Earlier this year, roughly 30,000 individuals were notified of a separate data breach involving a third-party service provider, Infosys McCamish Systems (IMS).

Fidelity Investments, which manages $14 trillion in assets and serves over 51 million individual investors, continues to take steps to address these security challenges and safeguard customer information.


How Can Netizen Help?

Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service,” through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 


Copyright © Netizen Corporation. All Rights Reserved.