The CyberSheath team has been a part of what today is known as the Cybersecurity Maturity Model Certification (CMMC) since it was an entirely voluntary initiative in 2008, consisting of eight and then sixteen of the largest prime contractors in […]
CMMC Con 2020 Speaker Spotlight – Ms. Katherine “Katie” Arrington Read More »
CyberSheath is pleased to introduce CMMC Con 2020 attendees to one of our keynote speakers and CMMC discussion panelists, retired Brigadier General Dr. Robert Spalding. As emphasized by his experience, Dr. Spalding is an expert on national security and highly-qualified
CMMC Con 2020 Speaker Spotlight – Dr. Robert Spalding, BRIG GEN, USAF (RET) Read More »
Lockheed Martin and other prime contractors are contacting their suppliers and requesting a security status update; in many cases requesting a demonstration of compliance before the DOD November 30th deadline. If you’ve received this request, you’re not alone. We’re helping
On September 29, 2020, the Department of Defense (DOD) issued an interim rule (Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)) implementing two separate requirements for defense contractors related to cybersecurity that change acquisition. The two requirements give contractors
What the DFARS Interim Rule Means for Your Business Read More »
Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041) is here. Often referred to as CMMC this long-awaited and hotly debated Interim Rule harmonizes legacy (DFARS clause 252.204-7012) and future (CMMC) requirements with the following
DOD Released a New Interim Final DFARS Rule Covering CMMC and NIST 800-171 Read More »
The Department of Defense (DOD) has instituted an emergency action, possibly to confirm what is widely already known on cybersecurity compliance among the defense industrial base (DIB). Self-certification for defense contractors has enabled “barely there” cybersecurity unless you are one
Calling Industries Bluff: The DOD Emergency Action on NIST 800-171 Compliance Read More »
Compliance with ever-evolving DOD cybersecurity mandates like DFARS 252.204-7012, NIST 800-171, and Cybersecurity Maturity Model Certification (CMMC) is complicated and confusing. It can be hard to understand the outcomes that you should focus on and how to measure success. Discover
Achieve DFARS Compliance with Managed Services Read More »
The theft of intellectual property and sensitive information across the Defense Industrial Base (DIB) and the supply chain of the Department of Defense (DOD) threatens economic security and national security. Malicious cyber actors have persistently targeted the DIB sector and
Cybersecurity Maturity Model Certification (CMMC) Update Read More »
There is a lot your organization is already doing that you can apply to your preparation for the impending launch of CMMC (Cybersecurity Maturity Model Certification). One important and useful component to consider is a Plan of Action and Milestones (POA&M or
What Is a POAM and Why It Matters for CMMC Read More »
Have contractors implemented the NIST 800-171 controls? DOD Inspector General (IG) audit suggests not, recommends third-party audits. Are you ready?
A recent audit conducted in response to a request from the Secretary of Defense determined that DOD contractors did not consistently implement DOD‑mandated system security controls for safeguarding Defense information. Specifically, Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 requires contractors that maintain Controlled Unclassified Information (CUI) to implement security controls specified in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, which lists security requirements for safeguarding sensitive information on non-Federal information systems. The requirements include controls for user authentication, user access, media protection, incident response, vulnerability management, and confidentiality of information.
Recent DOD Audit on Controlled Unclassified Information Finds Contractors Not Secure Read More »
