Quick Hits

*** The Defense Department's draft unified cybersecurity standard has received thousands of public comments since its release in early September. Ellen Lord, DOD's acquisition chief, told reporters at an Oct. 18 news briefing the department was taking those responses into consideration as her office prepares for the second draft release of the Cybersecurity Maturity Model Certification during the first week of November. DOD plans to submit the final version of CMMC to an accreditation body in January; its request for information on a CMMC accreditation body closes Oct. 21. Following its roll out next year, Lord said CMMC will be first used on critical programs and technologies. The initial set of RFIs that use the CMMC requirement are planned for release in June 2020. Corresponding requests for proposals are expected to follow that fall.

***The National Treasury Employees Union filed a public comment on Oct. 16 opposing a set of rules that the Office of Personnel Management issued Sept. 17 that would make firing and disciplining federal workers easier. NTEU's main objection to OPM's proposed rules is that they are "not justified by data or research and would set the government on the path toward ruining its own professional, merit-based civil service," the union said in a press release. In its comment, NTEU argued that the "central premise behind the proposed rule changes, which weaken civil service protections for federal workers, is that it is too hard to fire them. Underlying that premise is the belief that more need to be fired." Under OPM's new rules, current practices such as tables of penalties for troublesome employees would be abolished and performance plans for struggling employees would be shortened to 30 days

*** Sen. Maggie Hassan (D-N.H.) has asked the Government Accountability Office to look into how the federal government is helping state and local governments fend off ransomware attacks. In an Oct. 17 letter, Hassan cites findings by cybersecurity firm McAfee that found a 118% increase in ransomware attacks in the first quarter of 2019 and asks GAO auditors to investigate the matter and look at how federal agencies are coordinating to tackle the threat.

"The federal government must do more to help state and local governments prevent and respond to cyberattacks, and this report will give us a key tool to identify how the federal government is doing in this task, and what more can be done," said Hassan in a statement.