SolarWinds, with more than 300,000 global clients, including many federal agencies in the United States and mostly Fortune 500 companies, unknowingly released a software update that included malware providing hackers unobstructed remote access to victim networks. The magnitude of this […]
Could NIST 800-171 or CMMC have Influenced the Response to SolarWinds? Read More »
In short, yes; however, with caveats. In 2019, the Department of Defense (DOD) announced the development of the Cybersecurity Maturity Model Certification (CMMC). The CMMC is a maturity model based foundationally on the NIST 800-171 framework with some key evolutionary
Are CMMC Compliance Costs Reimbursable by the DOD? Read More »
The Department of Defense (DOD) suppliers were notified at the end of September about the new DFARS Interim Rule designed to collect NIST 800-171 assessment scores from all DOD contractors through submittal to the Supplier Performance Risk System (SPRS). As
Step-by-Step Guide to SPRS NIST 800-171 Assessment Submittal Read More »
Lockheed Martin and other prime contractors are contacting their suppliers and requesting a security status update; in many cases requesting a demonstration of compliance before the DOD November 30th deadline. If you’ve received this request, you’re not alone. We’re helping
On September 29, 2020, the Department of Defense (DOD) issued an interim rule (Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)) implementing two separate requirements for defense contractors related to cybersecurity that change acquisition. The two requirements give contractors
What the DFARS Interim Rule Means for Your Business Read More »
It’s been quite a week. The DOD released an interim rule to “amend the Defense Federal Acquisition Regulation Supplement (DFARS) to implement a DOD Assessment Methodology and Cybersecurity Maturity Model Certification framework in order to assess contractor implementation of cybersecurity
DFARS Interim Rule FAQ: What DFARS 7019, 7020 & 7021 Mean for You Read More »
The DFARS interim rule titled Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041) is here. Often referred to as CMMC this long-awaited and hotly debated Interim Rule harmonizes legacy (DFARS clause 252.204-7012) and future
DOD’s New DFARS Interim Rule: What Contractors Need to Know Read More »
The Department of Defense (DOD) has instituted an emergency action, possibly to confirm what is widely already known on cybersecurity compliance among the defense industrial base (DIB). Self-certification for defense contractors has enabled “barely there” cybersecurity unless you are one
Calling Industries Bluff: The DOD Emergency Action on NIST 800-171 Compliance Read More »
The US Department of Defense (DOD) has one of the largest supply chains in the world, scaling to hundreds of thousands of different vendors and partners. While valuable, these vital partners in our nation’s defense infrastructure pose a huge cyber
5 Cybersecurity Attacks That Highlight the Necessity of CMMC Compliance Read More »
Compliance with ever-evolving DOD cybersecurity mandates like DFARS 252.204-7012, NIST 800-171, and Cybersecurity Maturity Model Certification (CMMC) is complicated and confusing. It can be hard to understand the outcomes that you should focus on and how to measure success. Discover
Achieve DFARS Compliance with Managed Services Read More »
