When defense contractors start their CMMC journey, most focus on controls, policies, and tools. But there’s a quieter step that determines whether your certification effort succeeds or stalls: scoping. As Casey Lang, CyberSheath SVP of Compliance, put it during the CMMC Scoping Pitfalls webinar, “Scoping is […]
CMMC Scoping, Simplified: The Foundational Step DIB Contractors Can’t Skip Read More »
As part of your assessment against NIST 800-171, it’s critical to understand what parts of your environment are in scope. This is where CMMC scoping comes in. In our first blog in this series, we discussed the importance of assessments;
CMMC Scoping Explained: Determining What’s In and Out of Scope Read More »
CMMC Level 2 is here, and primes are already encouraging subcontractors to comply. Success starts with understanding the roles of RPOs and C3PAOs, choosing partners wisely, and preparing with the right documentation and scope. In our webinar RPOs vs. C3PAOs: Decoding CMMC Compliance
CMMC Level 2: How to Choose the Right Partners and Get Certified Read More »
As a defense contractor pursuing cybersecurity compliance, there’s no better place to start than with an assessment. It’s important to know your real posture against CMMC 2.0 requirements as it provides a clear list of actionable items that will structure your path to compliance.
Assessing Cybersecurity Under CMMC: The First Step on the Path to Compliance Read More »
New Pentagon contracts will now include Cybersecurity Maturity Model Certification (CMMC) requirements as conditions of award, and contractors across the defense industrial base (DIB) are scrambling to meet compliance standards that have been mandatory in their contracts for years. Because
Why Defense Contractors Face a C3PAO Capacity Crisis Read More »
The Department of Defense/War just released an update to the official CMMC FAQs. While the update does not change requirements or timelines, it does remove long-standing misinterpretations held by many organizations and service providers. These updates reinforce what we have
CMMC Update: Four New DOD Clarifications That Impact Compliance Read More »
Many defense contractors across the supply chain are making the dangerous assumption that the Cybersecurity Maturity Model Certification (CMMC) mandate doesn’t apply to them. Small Doesn’t Mean Exempt from CMMC In most cases, it’s small and medium-sized businesses that
Why Small Defense Contractors Can’t Afford to Ignore CMMC Read More »
The government shutdown has been ongoing for nearly a month. Museums closed. Federal employees furloughed. Washington is paralyzed with no end in sight. But Nov. 10 doesn’t care. While Congress remains gridlocked over funding, Phase 1 of the
While Washington Shuts Down, CMMC Compliance Marches On Read More »
The countdown to CMMC enforcement is over. November 10 is not just another date on the calendar. It is the day the Department of Defense/War DOD/DOW begins embedding CMMC clauses into contracts and when every company in the Defense Industrial
CMMC Enforcement Begins November 10: What Defense Contractors Must Know Now Read More »
The Cybersecurity Maturity Model Certification (CMMC) program has advanced to a final rule and will be required of new defense contracts starting in November. The Defense Industrial Base’s era of preparation is over. The time for action has arrived. But
State of the DIB Report 2025: Only 1% of Contractors Are Ready for CMMC Read More »
