For nearly a decade, the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) has been an important tool for many financial organizations assessing cybersecurity risks. It has provided a standardized way to evaluate both inherent risks and cybersecurity maturity. However, as cyberthreats evolved, the CAT struggled to keep pace. The tool's static nature meant updates were infrequent, leaving credit unions with outdated guidance in a rapidly changing environment. 

Should you immediately decide to select an enclave approach for CMMC? The real answer is that it depends. It’s an important strategic decision to make early on in your compliance journey. Understanding the pros and cons of the enclave approach—and the alternatives—will help inform which direction you choose. It comes down to balancing security with operational efficiency and productivity. Ideally, you are not giving up one for the other.

On January 14, 2025, Fortinet announced several vulnerabilities impacting multiple products. At Systems Engineering, we are highlighting these vulnerabilities as they affect the Fortinet solutions we support. Specifically, these issues impact FortiGate, FortiSwitch, FortiManager, FortiAnalyzer, FortiClient EMS, and FortiClient for Windows.

As deadlines for Cybersecurity Maturity Model Certification (CMMC) compliance draw closer, prime contractors face an increasing challenge: ensuring their own certification and supporting their entire supply chain in achieving compliance. This responsibility has become an urgent and complex priority for those managing defense contracts. The issue extends beyond the prime's readiness—subcontractors' compliance directly impacts your ability to deliver on the contract. The stakes are clear: one non-compliant subcontractor can jeopardize the entire supply chain. 

CMMC RPO Integrates Managed IT, Cybersecurity, and CMMC Advisory for the Defense Industrial Base

Systems Engineering is aware of the Fortinet FortiOS, FortiManager, and FortiAnalyzer affecting multiple versions of these products.

Fortinet rates these vulnerabilities as HIGH.

Systems Engineering is aware of the Fortinet FortiManager missing authentication for critical function vulnerability in the fgfmd process, CVE-2024-47575. Reports have shown this vulnerability to be exploited in the wild.