FedRAMP and the Data Broker Loophole


A new congressional report recommending a FedRAMP-style framework for commercial data brokers has reignited a long-running debate in Washington: whether federal agencies should be able to buy sensitive personal data on the open market without the same legal scrutiny required for traditional surveillance.

Supporters of reform argue that the rapid growth of the data brokerage ecosystem (typical in the private sector across enterprise retail and social media) has outpaced oversight. National security officials, however, claim that commercially available data has become an essential tool for mission execution. The report’s recommendations suggest policymakers are increasingly interested in closing that gap.

 


Why Risk Reduction Matters for Compliance


Federal cybersecurity has long since moved beyond compliance for its own sake. Still, one of the most persistent and dangerous mistakes organizations continue to make is equating compliance with security.

This article repeats a common message that we’ve been hammering home for years: that risk reduction, not box-checking, must be the organizing principle of modern cybersecurity programs, particularly for organizations operating in regulated or government-adjacent environments.

 


CMMC for Small Businesses: Getting Ready for Compliance


Starting in Q1 2025, software providers in the DoD supply chain must align their security with CMMC 2.0 standards. While many enterprise customers have been spending the past year getting ready, the reality is that most businesses don’t share this level of preparedness, specifically small businesses.

Meeting the demands of a complex framework like CMMC can be challenging for SMBs with limited IT resources. Here, we’ll discuss how these organizations can prepare for their impending compliance requirements and maintain their contractual arrangements within the Defense supply chain.

 
