CMMC is officially moving from policy to procurement. The Department of Defense has published the final DFARS rule in Title 48 of the CFR, wiring CMMC requirements directly into contracts. The rule is effective 60 days after publication in the […]
DFARS CMMC Final Rule Published: No Surprises, Just Execution Read More »
At CyberSheath, we’ve worked with forward-thinking clients who want to get ahead of supply chain risk management (SCRM) and engage with their suppliers. We have extensive experience in DFARS and CMMC compliance, providing comprehensive services that streamline and simplify supply
Looking ahead, there are two things emerging as it relates to requirements that will have implications for supply chain risk management (SCRM) in the defense industrial base (DIB). To understand how to proceed with SCRM, it’s important to first gain
Stay Ahead of SCRM Challenges: Essential Strategies for Defense Contractors Read More »
Compliance and cybersecurity are constantly evolving. Recently a shift has occurred with the concept of supply chain risk management (SCRM) as a set of requirements across many cybersecurity frameworks—in particular, NIST 800-171 as it applies to the defense industrial base—gaining
What Is Supply Chain Risk Management? A Guide for Defense Contractors Read More »
Starting the journey toward compliance with DFARS 252.204-7012, NIST SP 800-171, or CMMC standards can be challenging, especially when it comes to identifying and securing Controlled Unclassified Information (CUI). For defense contractors, CUI handling isn’t just an internal responsibility; it’s
Mastering CUI Boundaries: A Guide to DFARS 252.204-7012 Compliance Read More »
Cloud services have become integral to many organizations, including Department of Defense (DOD) contractors. However, using cloud platforms that handle Controlled Unclassified Information (CUI) comes with stringent security requirements from the Defense Contract Management Agency (DCMA). The DCMA is taking
Understanding DCMA’s FedRAMP Moderate Equivalency Standards Read More »
In today’s digital age, cybersecurity has become a critical aspect of business operations. Cyber threats are becoming more sophisticated and frequent, making it essential for businesses to adopt robust cybersecurity practices. If your business operates in multiple locations or has
How Decentralized Organizations Can Achieve Centralized Compliance Read More »
As your organization works toward achieving CMMC compliance, creating your System Security Plan (SSP) and Plan of Action and Milestones (POA&M), are critical steps in the process. The documents both provide a foundation for your remediation efforts as you work
How to Build and Maintain an Effective SSP & POA&M Read More »
As your organization works to determine the meaning and application of the various levels of the newly enacted Cybersecurity Maturity Model Certification (CMMC), questions arise. One particular issue surrounds the issue of SIEM as it pertains to the first level
CMMC SIEM Requirements: Understanding What’s Needed at Each Level Read More »
Yesterday, Richard Wakeman, Senior Director – Aerospace and Defense at Microsoft, provided a terrific update to his 2019 blog post, Understanding Compliance Between Microsoft 365 Commercial, GCC, GCC-High and DOD Offerings, providing a lot of additional detail, and answering many
Three Observations from Microsoft’s 2021 Compliance Update and the Impact on the DIB Read More »
