Finished writing a "cybersecurity for contract specialist" course for US Coast Guard. Like all course development work, the research is the starting point and a learning experience. While many of these documents are for federal acquisition shops, the NIST SP's are general purpose.
Even if you're not on federal programs, this is a good general starting point for cybersecurity in our modern world, minus the Coast Guard specific guidance, which is narrowly focused on the Maritime Transportation System.
- NIST Computer Security Resource Center
- “The Coast Guard and Cybersecurity: A Legal Framework for Prevention and Response,” LCDR Brandy Parker and Glenn Gray, Proceedings of the Marine Safety and Security Council, The Coast Guard Journal of Safety and Security at Sea, Winter 2014-2015.
- “Understanding Cybersecurity on DoD Acquisition Programs,” Steve Mills, Professor of Program Management, Defense Acquisition University, May 10-11, 2016.
- “Executive Order 13873 Response, Methodology of Assessing the Most Critical Information and Communications Technologies and Services,” April 2020.
- “Using Contracts to Reduce Cybersecurity Risks,” Warren Axelrod, CrossTalk, The Journal of Defense Software Engineering, July/August 2007.
- “Cybersecurity Strategy,” U.S. Department of Homeland Security.
- “FAR 52.204-21 and the Future of Federal Cybersecurity Enforcement,” Reginald M. Jones, Nicholas T. Solosky & Douglas P. Hibshman on May 23, 2017, Fox Rothschild, Attorneys at Law.
- “NIST Handbook 162, NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements,”
- Cybersecurity & Infrastructure Security Agency
- CyberAware Case Study ‒ Office of Personnel Management
- “Wondering Why Government Contractors Need to Take Cybersecurity Seriously ‒ Criminals and Foreign Adversaries Are Trying to Hack You,” Susan Ebner, Government Contracting Matters, July 31, 2020.
- Cyber Security Maturity Model
- “Enhanced Section 806 Procedures for Supply Chain Risk Management in Support of DoD Trusted Systems and Networks”
- “Transportation Systems Sector Cybersecurity Framework Implementation Guidance,” U.S. Department of Homeland Security, June 26, 2015.
- The National Strategy to Secure Cyberspace, February 2003.
- Integrating Cybersecurity and Enterprise Risk Management (ERM), NISTIR 8286, October 2020
- NIST Roadmap for Improving Critical Infrastructure Cybersecurity, February 12, 2014.
- “Federal Agencies and OMB Need to Continue to Improve Management and Cybersecurity,” GAO-20-69T.
- “Framework for Improving Critical Infrastructure Cybersecurity,” NIST, June 2016.
- “The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation,” 114th Congress, September 7, 2016.
- “Equifax Data Breach,” Electronic Privacy Information Center
- “The OPM hack explained: Bad Security practices meet China’s Captain America,” CSO
- 52.204-25 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment (Deviation 20-05) (Aug 2020).
- “8 Cyber Threat Trends to Watch Out For in 2021 ‒ Tomorrow’s advanced cyber threats are already here”
- EO 13873
- “Frequently Asked Questions (FAQs): DHS’s ICT Methodology in Support of Executive Order 13873”
- “Government Contracting ‒ Cybersecurity Requirements ‒ What’s New ‒ Win Federal Contracts,” Jennifer Schaus ‒ Federal Government Contracting
- “Internet Crime Complaint Center (IC3),” FBI
- “Measuring Cyber Security and Information Assurance,” State-of-the-Art Report, Information Assurance Technology Analysis Center (IATAC), May 8, 2009.
- Build and Operate a Trusted DoDIN
- “Suggested Language to Incorporate Systems Security Engineering for Trusted Systems and Networks into Department of Defense Requests for Proposals,” January 2014.
- “DoD Program Manager’s Guidebook for Integrating the Cybersecurity Risk Management Framework (RMF) into the System Acquisition Lifecycle,” Defense Acquisition University, September 2015, Version 1.0.
- “A Cyber-Security Culture Framework for Assessing Organization Readiness,” Anna Georgiadou, Spiros Mouzakitis, Kanaris Bounas & Dimitrios Askounis, Journal of Computer Information Systems, 23 November 2020.
- FIPS 199 Standards for Security Categorization of Federal Information and Information Systems
- NIST SP 800-61, Computer Security Incident Handling Guide, Revision 2
- NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems.
- NIST SP 800-53A, Assessing Security and Privacy Controls in Federal Systems and Organizations, Building Effective Assessment Plans
- NIST SP 800-37 Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
- FIPS 200 Minimum Security Requirements for Federal Information and Information Systems
- “Cloud Computing Security,” Abilio Cardoso, Proceedings of the 11th European Conference on Information Warfare and Security, The Institute Ecole Supérieure en Informatique Electronique et Automatique, Laval, France, 5-6 July 2012.
- “Cyber Risks in the Marine Transportation System, The U.S. Coast Guard Approach,” Vice Admiral Charles D. Michel, U.S. Coast Guard; Rear Admiral Paul F. Thomas, U.S. Coast Guard; Captain Andrew E. Tucci, U.S. Coast Guard.
- MITRE ATT&CK Knowledge base
- “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” SP 800-171 Rev. 2, February 2020.
- “A Comprehensive Guide to Maritime Cybersecurity”
- “Coast Guard Pursuing Ambitious Tech Revolution,” Connie Lee, National Defense.
- “An Analysis of the United States Cybersecurity Strategy,” Gene Souza, Center for Development of Security Excellence, Defense Security Service, 31 October 2015.
- “Navigation and Vessel Inspection Circular No. 01-20, Guidelines for Addressing Cyber Risk at Maritime Transportation Security Act (MTSA) Regulated Facilities,” February 26, 2020.
- “IT Security Procedural Guide: Contingency Planning (CP) CIO-IT Security-06-29,” Revision 4, April 12, 2018, Office of the Chief Information Security Officer, GSA.
- “Including Cybersecurity in the Contract Mix,” Kimberly Kendall and William Long, Defense Acquisition University, March 01, 2018.
- “DoD Directive 8140.01 – Cyberspace Workforce Management,” October 5, 2020
- “NIST Request for Information” (Cybersecurity)
- “Cybersecurity Challenges Facing the Nation ‒ High-Risk Issue”
- “Maritime Critical Infrastructure Protection: DHS Needs to Better Address Port Cybersecurity,” GAO-14-459, published June 5, 2014.
- ISO 27000, Information Security Management Systems standards
- “Zero Trust Architecture,” NIST SP 800-207, August 2020