Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification (CMMC) is an assessment framework and assessor certification program designed to increase the trust in measures of compliance to a variety of standards published by the National Institute of Standards and Technology. The CMMC framework and model was developed by the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) of the United States Department of Defense through existing contracts with Carnegie Mellon University, The Johns Hopkins University Applied Physics Laboratory, Johns Hopkins University Applied Physics Laboratory LLC, and Futures, Inc. The Cybersecurity Maturity Model Certification Accreditation Body oversees the program under a no-cost contract. The program is currently overseen by the Assistant Secretary of Defense for Networks and Information Integration, DOD CIO office. CMMC, which often requires third party assessment if a contractor handles Controlled Unclassified Information, will impact th ...

National Institute Of Standards And Technology
The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical science laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. From 1901 to 1988, the agency was named the National Bureau of Standards. History Background The Articles of Confederation, ratified by the colonies in 1781, provided: The United States in Congress assembled shall also have the sole and exclusive right and power of regulating the alloy and value of coin struck by their own authority, or by that of the respective states—fixing the standards of weights and measures throughout the United States. Article 1, section 8, of the Constitution of the United States, ratified in ...

United States Secretary Of Commerce
The United States secretary of commerce (SecCom) is the head of the United States Department of Commerce. The secretary serves as the principal advisor to the president of the United States on all matters relating to commerce. The secretary reports directly to the president and is a statutory member of the Cabinet of the United States. The secretary is appointed by the president, with the advice and consent of the United States Senate. The secretary of commerce is concerned with promoting American businesses and industries; the department states its mission to be "to foster, promote, and develop the foreign and domestic commerce". Until 1913, there was one secretary of commerce and labor, uniting this department with the United States Department of Labor, which is now headed by a separate United States secretary of labor. Secretary of Commerce is a Level I position in the Executive Schedule, thus earning a salary of US$221,400, as of January 2021. The current secretary of com ...

FIPS 140-3
The Federal Information Processing Standard Publication 140-3 (FIPS PUB 140-3) is a U.S. government computer security standard used to approve cryptographic modules. The title is "Security Requirements for Cryptographic Modules". Initial publication was on March 22, 2019 and it supersedes FIPS 140-2. Purpose The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series to coordinate the requirements and standards for cryptography modules that include both hardware and software components. Federal agencies and departments can validate that the module in use is covered by an existing FIPS 140 certificate that specifies the exact module name, hardware, software, firmware, and/or applet version numbers. The cryptographic modules are produced by the private sector or open source communities for use by the U.S. government and other regulated industries (such as financial and health-care institutions) that collect, store, transfer, share and dissem ...

FIPS 140-2
The Federal Information Processing Standard Publication 140-2 (FIPS PUB 140-2) is a U.S. government computer security standard used to approve cryptographic modules. The title is "Security Requirements for Cryptographic Modules". Initial publication was on May 25, 2001, and was last updated December 3, 2002. Its successor, FIPS 140-3, was approved on March 22, 2019, and became effective on September 22, 2019. FIPS 140-3 testing began on September 22, 2020, although no FIPS 140-3 validation certificates have been issued yet. FIPS 140-2 testing was still available until September 21, 2021 (later changed for applications already in progress to April 1, 2022), creating an overlapping transition period of more than one year. FIPS 140-2 test reports that remain in the CMVP queue will still be granted validations after that date, but all FIPS 140-2 validations will be moved to the Historical List on September 21, 2026 regardless of their actual final validation date. Purpose Th ...

FIPS 140
The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptography modules. FIPS 140-2 and FIPS 140-3 are both accepted as current and active. FIPS 140-3 was approved on March 22, 2019 as the successor to FIPS 140-2 and became effective on September 22, 2019. FIPS 140-3 testing began on September 22, 2020, although no FIPS 140-3 validation certificates have been issued yet. FIPS 140-2 testing is still available until September 21, 2021 (later changed for applications already in progress to April 1, 2022), creating an overlapping transition period of one year. FIPS 140-2 test reports that remain in the CMVP queue will still be granted validations after that date, but all FIPS 140-2 validations will be moved to the Historical List on September 21, 2026 regardless of their actual final validation date. Purpose of FIPS 140 The National Institute of Standards and Technology (NIST) issues t ...

FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. In 2011, the Office of Management and Budget (OMB) released a memorandum establishing FedRAMP "to provide a cost-effective, risk-based approach for the adoption and use of cloud services to Executive departments and agencies." The General Services Administration (GSA) established the FedRAMP Program Management Office (PMO) in June 2012. The FedRAMP PMO mission is to promote the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment. Per the OMB memorandum, any cloud services that hold federal data must be FedRAMP authorized. FedRAMP prescribes the security requirements and process cloud service providers must follow in order for the government to use their s ...

Defense Industrial Base
The term defense industrial base (or DIB), also known as the defense industrial and technological base, is used in political science to refer to a government's industrial assets that are of direct or indirect importance for the production of equipment for a country's armed forces. It is loosely associated with realism, which views the state as the preponderant guarantor of security, and frequently features as an element of grand strategy and defense policy, as well as diplomacy. United States A commonly cited example of a defense industrial base is that of the United States, where, given the onset of the Cold War accompanied by the outbreak of the Korean War, the maintenance "of a peacetime defense industry of significant proportions was an unprecedented event." Researchers and public figures critical of close ties among legislators, militaries, and the defense industrial base due to a government's monopoly on demand for products of the latter employ the concept of the military ...

General Services Administration
The General Services Administration (GSA) is an independent agency of the United States government established in 1949 to help manage and support the basic functioning of federal agencies. GSA supplies products and communications for U.S. government offices, provides transportation and office space to federal employees, and develops government-wide cost-minimizing policies and other management tasks. GSA employs about 12,000 federal workers. It has an annual operating budget of roughly $33 billion and oversees $66 billion of procurement annually. It contributes to the management of about $500 billion in U.S. federal property, divided chiefly among 8,700 owned and leased buildings and a 215,000 vehicle motor pool. Among the real estate assets it manages are the Ronald Reagan Building and International Trade Center in Washington, D.C., which is the largest U.S. federal building after the Pentagon. GSA's business lines include the Federal Acquisition Service (FAS) and ...

DFARS
The Federal Acquisition Regulation (FAR) is the principal set of rules regarding Government procurement in the United States, and is codified at Chapter 1 of Title 48 of the Code of Federal Regulations. It covers many of the contracts issued by the US military and NASA, as well as US civilian federal agencies. The largest single part of the FAR is Part 52, which contains standard solicitation provisions and contract clauses. Solicitation provisions are certification requirements, notices, and instructions directed at firms that might be interested in competing for a specific contract. These provisions and clauses are of six types: (i) required solicitation provisions; (ii) required-when-applicable solicitation provisions; (iii) optional solicitation provisions; (iv) required contract clauses; (v) required-when-applicable contract clauses; and (vi) optional contract clauses. If the FAR requires that a clause be included in a government contract, but that clause is omitted, cas ...

NIST SP-800-171
The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical science laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. From 1901 to 1988, the agency was named the National Bureau of Standards. History Background The Articles of Confederation, ratified by the colonies in 1781, provided: The United States in Congress assembled shall also have the sole and exclusive right and power of regulating the alloy and value of coin struck by their own authority, or by that of the respective states—fixing the standards of weights and measures throughout the United States. Article 1, section 8, of the Constitution of the United States, ratified in 1789, granted these powers to the new Congre ...

Defense Federal Acquisition Regulation Supplement
The Federal Acquisition Regulation (FAR) is the principal set of rules regarding Government procurement in the United States, and is codified at Chapter 1 of Title 48 of the Code of Federal Regulations. It covers many of the contracts issued by the US military and NASA, as well as US civilian federal agencies. The largest single part of the FAR is Part 52, which contains standard solicitation provisions and contract clauses. Solicitation provisions are certification requirements, notices, and instructions directed at firms that might be interested in competing for a specific contract. These provisions and clauses are of six types: (i) required solicitation provisions; (ii) required-when-applicable solicitation provisions; (iii) optional solicitation provisions; (iv) required contract clauses; (v) required-when-applicable contract clauses; and (vi) optional contract clauses. If the FAR requires that a clause be included in a government contract, but that clause is omitted, case ...