As your organization works to determine the meaning and application of the various levels of the newly enacted Cybersecurity Maturity Model Certification (CMMC), questions arise. One particular issue surrounds the issue of SIEM as it pertains to the first level […]
What Level of CMMC Requires Security Information and Event Management (SIEM)? Read More »
Many defense contractors outsource their IT to a Managed Service Provider (MSP), who generally deliver the IT required and allows a business to focus on their core competency. IT managed services through MSP’s have been around for a long time
If Your MSP Can’t Spell CMMC it is Time to Move On Read More »
The Department of Defense (DOD) has provided Florida’s business community with a $22 billion opportunity, but there’s a catch. Before Florida’s prime and sub-contractor defense companies can win those contracts; they must meet cybersecurity regulations. These standards have become minimums that
Cybersecurity Forum 2021 Continues to Advance U.S. Cybersecurity Conversation Read More »
CyberSheath is excited to announce the availability of a new service offering specifically designed for Defense Contractors required to ensure compliance from their managed IT providers. This new Managed IT Services for Defense Contractors future-proofs your environment to changes in
The Department of Defense (DOD) suppliers were notified at the end of September about the new DFARS Interim Rule designed to collect NIST 800-171 assessment scores from all DOD contractors through submittal to the Supplier Performance Risk System (SPRS). As
Step-by-Step Guide to SPRS NIST 800-171 Assessment Submittal Read More »
Background In 2019, the Department of Defense (DOD) officially announced the introduction of a Cybersecurity Maturity Model Certification (CMMC). This unique maturity model is designed to improve the cybersecurity regarding Controlled Unclassified Information (CUI) within supply chains, especially as it applies to the Defense Industrial
Is Your MSSP Your Weakest Link in CMMC Certification? Read More »
Current Compliance Landscape Deputy Defense Secretary Patrick Shanahan spoke at the Armed Forces Communications and Electronics Association (AFCEA) on Feb 6, 2018, and said, “The culture we need to get to [around IT security] is that we’re going to defend ourselves
What is the CMMC Shared Security Model and Why is it Needed? Read More »
CyberSheath has attended multiple listening sessions and events with DOD leadership revealing more information regarding the DOD Cybersecurity Maturity Model Certification (CMMC). I want to expand on our previous blog with the additional details and actionable plans on what DOD contractors need to do to prepare for the changes.
What We Understand about CMMC so Far
CMMC stands for “Cybersecurity Maturity Model Certification” and will encompass multiple maturity levels that range from “Basic Cybersecurity Hygiene” to “Advanced”. The intent is to identify the required CMMC level in Request for Proposals (RFP) sections L and M to be used as a “go / no go decision.” This means that instead of the ability to bid and win a contract and then comply post-award with cybersecurity requirements, DOD contractors will have to be certified to the CMMC level required in advance, pre-bid, to even be eligible to bid.
When shopping for a Managed Security Services Provider (MSSP), there are plenty of checklists that you can download to help funnel you right to that vendor’s particular product. This isn’t that blog post, although at some point I am sure we have published one too. While checklists are helpful in narrowing down the capabilities and tools that you want to add to your probably already too big portfolio of tools, the focus should really be on the services that you will be adding to your existing team.
Managed Security Services That Matter Read More »
Every day, hackers and thieves are becoming more sophisticated, daring, and aggressive in their attempts to turn stolen data into substantial paydays. And with criminal entities regularly on the prowl for cyber weaknesses to exploit, it’s no wonder that the
What does the Ohio Data Protection Act Mean for Your Business? Read More »
