As your organization works toward achieving CMMC compliance, creating your System Security Plan (SSP) and Plan of Action and Milestones (POA&M), are critical steps in the process. The documents both provide a foundation for your remediation efforts as you work […]
How to Build and Maintain an Effective SSP & POA&M Read More »
The cyber universe has become the next battlefield–a place where threat actors, malicious entities, cyber criminals, activists, and nation states are challenging U.S. hegemony globally. We’ve seen instances where millions, or even billions, of dollars of research and decades’ worth
Most Common Failing CMMC Controls and How to Address Them Read More »
I’m a DOD contractor; what do I need to do for CMMC? To start or continue working with the DOD, all contractors must achieve and maintain the appropriate level of cybersecurity compliance. But what do you need to do, and
DFARS 7012, NIST 800-171, and CMMC Compliance Explained Read More »
The US government, through the lead agency, the Department of Defense (DOD) is implementing a new Cybersecurity Maturity Model Certification (CMMC) requirement for all private-sector businesses that work with the DOD, and now we understand that the standard will be
CMMC vs ISO 27001: Why It’s Time to Make the Switch Read More »
The Department of Defense (DOD) suppliers were notified at the end of September about the new DFARS Interim Rule designed to collect NIST 800-171 assessment scores from all DOD contractors through submittal to the Supplier Performance Risk System (SPRS). As mentioned in a
Mastering SPRS: Supplier Performance Risk System & Your Score Read More »
SolarWinds, with more than 300,000 global clients, including many federal agencies in the United States and mostly Fortune 500 companies, unknowingly released a software update that included malware providing hackers unobstructed remote access to victim networks. The magnitude of this
Could NIST 800-171 or CMMC have Influenced the Response to SolarWinds? Read More »
In short, yes; however, with caveats. In 2019, the Department of Defense (DOD) announced the development of the Cybersecurity Maturity Model Certification (CMMC). The CMMC is a maturity model based foundationally on the NIST 800-171 framework with some key evolutionary
Are CMMC Compliance Costs Reimbursable by the DOD? Read More »
The Department of Defense (DOD) suppliers were notified at the end of September about the new DFARS Interim Rule designed to collect NIST 800-171 assessment scores from all DOD contractors through submittal to the Supplier Performance Risk System (SPRS). As
Step-by-Step Guide to SPRS NIST 800-171 Assessment Submittal Read More »
Lockheed Martin and other prime contractors are contacting their suppliers and requesting a security status update; in many cases requesting a demonstration of compliance before the DOD November 30th deadline. If you’ve received this request, you’re not alone. We’re helping
On September 29, 2020, the Department of Defense (DOD) issued an interim rule (Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)) implementing two separate requirements for defense contractors related to cybersecurity that change acquisition. The two requirements give contractors
What the DFARS Interim Rule Means for Your Business Read More »
