At CyberSheath, we’ve worked with forward-thinking clients who want to get ahead of supply chain risk management (SCRM) and engage with their suppliers. We have extensive experience in DFARS and CMMC compliance, providing comprehensive services that streamline and simplify supply […]
Looking ahead, there are two things emerging as it relates to requirements that will have implications for supply chain risk management (SCRM) in the defense industrial base (DIB). To understand how to proceed with SCRM, it’s important to first gain
Stay Ahead of SCRM Challenges: Essential Strategies for Defense Contractors Read More »
Compliance and cybersecurity are constantly evolving. Recently a shift has occurred with the concept of supply chain risk management (SCRM) as a set of requirements across many cybersecurity frameworks—in particular, NIST 800-171 as it applies to the defense industrial base—gaining
What Is Supply Chain Risk Management? A Guide for Defense Contractors Read More »
Starting the journey toward compliance with DFARS 252.204-7012, NIST SP 800-171, or CMMC standards can be challenging, especially when it comes to identifying and securing Controlled Unclassified Information (CUI). For defense contractors, CUI handling isn’t just an internal responsibility; it’s
Mastering CUI Boundaries: A Guide to DFARS 252.204-7012 Compliance Read More »
Cloud services have become integral to many organizations, including Department of Defense (DOD) contractors. However, using cloud platforms that handle Controlled Unclassified Information (CUI) comes with stringent security requirements from the Defense Contract Management Agency (DCMA). The DCMA is taking
Understanding DCMA’s FedRAMP Moderate Equivalency Standards Read More »
In today’s digital age, cybersecurity has become a critical aspect of business operations. Cyber threats are becoming more sophisticated and frequent, making it essential for businesses to adopt robust cybersecurity practices. If your business operates in multiple locations or has
How to Manage Compliance for Decentralized Businesses Read More »
As your organization works toward achieving CMMC compliance, creating your System Security Plan (SSP) and Plan of Action and Milestones (POA&M), are critical steps in the process. The documents both provide a foundation for your remediation efforts as you work
How to Get Started on Your SSP and POA&M Read More »
As your organization works to determine the meaning and application of the various levels of the newly enacted Cybersecurity Maturity Model Certification (CMMC), questions arise. One particular issue surrounds the issue of SIEM as it pertains to the first level
What Level of CMMC Requires Security Information and Event Management (SIEM)? Read More »
Yesterday, Richard Wakeman, Senior Director – Aerospace and Defense at Microsoft, provided a terrific update to his 2019 blog post, Understanding Compliance Between Microsoft 365 Commercial, GCC, GCC-High and DOD Offerings, providing a lot of additional detail, and answering many
Three Observations from Microsoft’s 2021 Compliance Update and the Impact on the DIB Read More »
Current Compliance Landscape Deputy Defense Secretary Patrick Shanahan spoke at the Armed Forces Communications and Electronics Association (AFCEA) on Feb 6, 2018, and said, “The culture we need to get to [around IT security] is that we’re going to defend ourselves
What is the CMMC Shared Security Model and Why is it Needed? Read More »
