The accreditation body responsible for helping operationalize the Department of Defense’s Cybersecurity Maturity Model Certification program has rebranded itself, seven months after the Pentagon revamped its initiative to ensure contractors meet standards for safeguarding sensitive information.

CMMC-AB adopted the name The Cyber AB, created a new website and redesigned its emblem as part of the rebranding move, the Maryland-based nonprofit said Tuesday.

The organization’s roles and responsibilities under a support agreement with the Pentagon will remain the same.

“As we get closer to CMMC becoming an operational reality, it was important for us to distinguish ourselves more effectively,” said Matthew Travis, CEO of The Cyber AB.

The non-governmental entity updated its online marketplace that lists service providers and other parties involved in the certification program for the defense industrial base’s cybersecurity efforts.

DOD formally introduced the program in January 2020 in a move to establish a mechanism for confirming the cyber readiness of defense primes and their subcontractors before they can do business with the department.

The Pentagon launched CMMC 2.0 in November last year after completion of an internal review.

The Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI have released a joint advisory saying major telecommunications companies and network service providers have been targeted by Chinese state-backed cyberthreat actors using publicly known vulnerabilities since 2020.

Hackers are exploiting common vulnerabilities and exposures to compromise network devices, such as network attached storage devices and small office/home office routers, and gain access into victims’ accounts, NSA said Tuesday.

The three agencies listed the top network device CVEs that Chinese state-sponsored threat actors exploit, including vulnerabilities that allow remote code execution, privilege elevation and authentication bypass to compromise networks.

According to the advisory, threat actors carry out their intrusions by accessing hop points or compromised servers from several China-based internet protocol addresses resolving to various internet service providers in China. 

These hackers “typically obtain the use of servers by leasing remote access directly or indirectly from hosting providers,” the advisory reads.

Some of the mitigation measures outlined in the advisory are keeping systems patched and updated as soon as possible; removing suspected compromised devices from the network; segmenting networks to block lateral movement; enforcing multifactor authentication; disabling external management capabilities; and performing regular data backup procedures.

The Department of Energy is seeking cybersecurity offerings capable of authenticating distributed energy resources for modern electrical grid protection under the Clean Energy Cybersecurity Accelerator initiative.

DOE said Monday CECA will allow for expedited tech development in support of utilities looking to tackle security issues compromising modern energy platforms, with five participants planned to be selected for the program’s first cohort.

Partnership with utilities is one key feature of the initiative, providing organizations with access to cybersecurity innovation and to the testing and evaluation capabilities of the National Renewable Energy Laboratory, which manages CECA.

Meanwhile, DOE’s Office of Cybersecurity, Energy Security and Emergency Response sponsors the program along with utility industry partners.

“Through this testing platform, solutions providers will have the opportunity to test and validate technologies against the highest priority cyber threat scenarios, aiding in our efforts to outpace the speed of emerging threats to our evolving energy infrastructure,” said Kelly Speakes-Backman, principal deputy assistant secretary for energy efficiency and renewable energy.

Interested parties may submit applications until July 6th for CECA Cohort 1.

The Cybersecurity and Infrastructure Security Agency has urged private sector organizations to help raise public awareness about two-factor authentication as a method to strengthen the security of online accounts.

CISA said Monday it seeks to inform all people in the U.S. of the advantages of implementing a layered data protection approach through the campaign, dubbed More Than a Password.

The agency created a webpage that offers an informative guide and a social media toolkit as part of the awareness initiative.

“Whether you call it multi-factor or two-factor authentication, this simple step can make you 99% less likely to get hacked. Think of it like an airbag or the seatbelt in your car—an extra layer to keep you safe in the event of an accident,” said CISA Director Jen Easterly, a 2022 Wash100 Award winner.

Easterly urged Americans to ask their online service providers to offer the MFA feature if the tool is not yet available as a security option for their accounts.

CISA noted that the method can make it harder for cyber threat actors to breach information systems even if they compromised passwords through social engineering practices such as phishing.