security

How Defense Contractors Get A Facility Security Clearance

Every good enterprise proprietor understands how vital it is to hire a private security company in right now’s instances when crimes have turn out to be so widespread that one theft takes places each five minutes or so in a single space or the opposite. In either case, you’d most likely be higher off on the lookout for another general contractor firm. Skills, credentials, and an excellent track report of efficiently completed jobs are necessary of course, however it’s within the day-to-day building job that you will really see the worth of your constructing contractor.

Skilled contractors provide the supplies and do their predefined work inside the specified time and worth as agreed upon. Since any monies paid out of pocket are cash taken away out of your paycheck, see if you will get these prices reimbursed. Always keep in mind to hire the best contractor close to your locality as a result of they are going to perceive the local market and the development of that space.

Do It Yourself – Without working a long time within the building industry, you will not have many contacts on the subject of looking for the best value on materials. In actual fact, it’s a pretty strong game changer for contractors keen to put the proper instruments in place.

Most individuals rent portray contractors for the outside work on their dwelling however you’ll be amazed at the difference you will really feel after having the inside professionally achieved. Subcontractors have the liberty of choosing who works with them on their initiatives.

You could be essentially the most expert, finest managed building firm, with a steady of proficient subcontractors and still exit of business in case you would not have a robust process in place on bidding for every job. Contractor – Contractors …

Continue Reading

Federal Contractors Argue Cyber Insurance Isn’t a Safe Bet for Better Security

A broad range of federal contractors fear a watchdog report on the government’s role facilitating coverage of cybersecurity risks—included in the House-passed National Defense Authorization Act—will lead to a mandate that their companies hold related insurance policies.

In a recent letter to leaders of the House and Senate Armed Services committees, the Professional Services Council opposed a provision in the House bill calling for the Government Accountability Office to produce recommendations after studying the state of the insurance industry and the extent to which it’s tied to minimum standards for cybersecurity.

The provision—Sec. 1710A—doesn’t require federal contractors to have cyber insurance policies, but it is grouped together in the letter with a number of other proposals around cyber threat hunting and intelligence sharing that are based on recommendations of the public-private, nonpartisan, congressionally established Cyberspace Solarium Commission. 

The commission’s lawmakers—who represent the political spectrum—are trying to get as many of its recommendations as possible to survive conference negotiations and make it into the final annual defense authorization bill.  

“PSC appreciates the extensive work of the Cyberspace Solarium Commission and believes that the report and many of its recommendations will significantly improve cybersecurity and cyber hygiene,” the group wrote. “That said, the inclusion of these specific provisions would require significant contractor community investments while providing few if any benefits to cybersecurity.” 

The commission proposes a whole new ecosystem of government and government-adjacent structures based on its preference for financial incentives instead of regulatory mandates. For at least a decade, policy makers on both sides of the aisle have posited that given a boost, cybersecurity insurance could perform the same role of government regulations in improving organizations’ cybersecurity practices. One way they saw of helping the market along, then and now, is to use the government’s purchasing power. 

“Insurers will require a

Continue Reading

Chrome 86 released with password-related security improvements

chrome86-passwords.png

Image: Google

Google has released Chrome 86 today to the stable channel, and this new release includes numerous security enhancements and new APIs for developers.

Each new Chrome release usually focuses on a main theme. For example, Chrome 84 focused on UI overhauls, while Chrome 85 focused on speed and API improvements.

On that tune, Chrome’s new v86 release comes with loads of password and security-related upgrades, but also with several deprecations and new APIs also included under the hood as well.

Password-checking feature coming to mobile

In December 2019, with Chrome 79, Google added a feature to Chrome named Password Checkup that would take the user’s synced passwords and check to see if they’ve been leaked online during data breaches at other companies.

With Chrome 86, Google says this feature (known as Safety Check since May 2020) is now coming to mobile versions of Chrome on Android and iOS.

Google Password Checkup

Image: Google [supplied]

Easier to change compromised passwords

Furthermore, Safety Check itself is also getting updates. Starting with Chrome 86, Safety Check supports the “.well-known/change-password” standard.

This is a W3C standard that allows websites to specify the URL where users can go to change their passwords.

Chrome 86 adding support for this standard means that users can press a button in the Chrome password settings screen and go directly to that page and change the password right away, rather than search blindly through a website’s complicated structure.

Biometric authentication for password filling on iOS

Google is also expanding the touch-to-fill feature on iOS. Originally launched on Android in July, this feature works by detecting the site the user is navigating on and then prompting the user to autofill passwords, if credentials are recorded.

The feature was created to prevent users from autofilling passwords on phishing sites, but it

Continue Reading

SMIC Joins the Big Bath of China Security Threats

The rules don’t appear as strict as those placed on Huawei Technologies Co. earlier this year, according to Bloomberg News. That move ended up forcing suppliers like Taiwan Semiconductor Manufacturing Co. to stop making chips to the Chinese company’s design.

Yet the timing should raise eyebrows. The U.S. Commerce Department is implementing the ban because products sold to the chipmaker pose an “unacceptable risk of diversion to a military end use,” according to a letter from the department’s Bureau of Industry and Security, the report said.

That sounds terrifying. In reality, anything sold to any company could end up having a military use: from an operating system developed by a software maker (armies use computers), to rubber and chemicals made by industrial giants (military trucks have tires).

Despite the increased rhetoric from the Trump administration, the U.S. doesn’t apply arbitrary rules to its definition of military end use. In fact, the bureau has a set of guidelines on the topic. In April, it broadened its definition while adding China to a small cohort of nations — Russia and Venezuela being the others — for which a specific set of Export Administration Regulations apply. It outlined the likely result:

This expansion will require increased diligence with respect to the evaluation of end users in China, particularly in view of China’s widespread civil-military integration.

A month later, the department added 24 groups to its entities list because of a risk that they would support “procurement of items for military end-use in China.” SMIC wasn’t among them. 

It’s possible that something happened over the past four months to make the Commerce Department suddenly worried about the threat from SMIC. Maybe that extra $7 billion it raised in a Shanghai listing two months ago raised red flags, or it could be that the chip

Continue Reading

The Facility Security Clearance – How Defense Contractors Get Clearances

Before a defense contractor can perform on a classified contact, it must be approved for a security clearance. You might familiar with security clearances for people, but defense contractor facilities must also be approved for security clearances called a facility clearance (FCL). Having an FCL doesn’t mean that a particular building is approved for a clearance, but rather the determination is based on the entity. For example, a defense contractor facility may be a sole proprietorship, a limited liability company, corporation, university or other recognized establishment. It is the organization itself and not the building that gets the clearance.

A company cannot process itself for a clearance. The clearance is based on a legitimate classified contract from either a government entity or other prime contractor. A company can bid on a classified contract even if it does not possess an FCL. However, it must receive the FCL prior to beginning to work on the classified contract.

When a defense contractor has a legitimate need for a clearance, it is sponsored by the awarding government agency or prime contractor. This sponsorship begins the process of the clearance request. The sponsoring organization notifies Defense Security Services (DSS) who works with the defense contractor to complete the requirements for an FCL. To be eligible for a clearance, the defense contractor facility must first have a good reputation for doing business and be in good standing. DSS will research and evaluate the company. Meanwhile, the candidate company works with DSS to provide four remaining requirements.

SECURITY AGREEMENTS

A security agreement (DD Form 441) must be signed. This agreement describes the responsibilities that both the contractor and government have to protect classified information. For example, in the security agreement the government agrees to provide security clearances and the contractor agrees to follow the National Industrial …

Continue Reading