At the beginning of March 2020, Fifth Domain reported that Colorado-based aerospace, automotive and industrial parts manufacturer Visser Precision LLC had suffered a DoppelPaymer ransomware infection. Those behind this attack ultimately published information stolen from some of Visser’s customers. Those organizations included defense contractors Lockheed Martin, General Dynamics, Boeing and SpaceX.As the attack discussed above illustrates, digital threats like DoppelPaymer threaten to weaken the federal government’s supply chain by targeting contractor organizations. At best, these contractors will undertake lengthy investigations and ultimately be required to make difficult, and potentially costly, decisions in order to minimize the damage of these sophisticated attacks to themselves and their government customers. At worst, these attacks will expose information that compromises national security.It’s therefore no wonder that the U.S. government is pursuing several initiatives in an effort to better secure its supply chain. Two of the most prominent of these efforts are SP 800-171, Revision 2 and Cybersecurity Mature Model Certification (CMMC).SP 800-171 Rev. 2On February 21, 2020, the National Institute of Standards and Technology (NIST) released the final draft of SP 800-171, Revision 2, entitled “Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations.” The motivation for this publication is the understanding that controlled unclassified information (CUI) residing on non-federal systems could limit the U.S. government’s ability to effectively fulfill its missions and business operations if not properly sec ..
Support the originator by clicking the read the rest link below.
