Saturday, August 30, 2025

Defense Department Audit Report Provides Contractors with a Roadmap to Assess and Mitigate Cybersecurity False ... - JD Supra

On December 4, the Department of Defense Office of Inspector General (DoD OIG) issued a “special” Audit Report (the Report) that provides insight into common cybersecurity weaknesses related to the protection of Controlled Unclassified Information (CUI). Notably, the Report explains that its contents are derived, in part, from support the DoD OIG has provided to Department of Justice (DoJ) Civil Cyber-Fraud Initiative investigations. As background, the Report explains that from 2018 through 2023 the DoD OIG issued five audit reports focused on DoD contractors’ “inconsistent implementation of Federal cybersecurity requirements for protecting CUI that are contained in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.” The Report also states that the DoD OIG has supported five DoJ investigations conducted under the auspices of the Civil Cyber-Fraud Initiative.

As noted in the Report, DoD currently has over 183,000 active contracts covering all sectors of the economy, many of which require contractors to process, store and/or transmit CUI on their own networks and systems. Through DFARS 252.204-7012, DoD requires its contractors handling CUI to implement, or have a plan to implement, the 110 security controls found in NIST SP 800-171, which cover a wide array of subjects, including access controls, audit and accountability, incident reporting, physical protection and risk/security assessments, among others. At a...


