As your organization is working to secure your infrastructure, one component that can fall through the cracks is your company’s website. While it might not be top of mind, there are impacts of not having a secure website. A website […]
The Importance of Securing Your Website Read More »
In today’s security landscape, threats to your IT infrastructure are constantly evolving. As you work to secure your IT systems and processes, penetration testing (pen testing) is an important component of your plan. Pen testing can help your organization gain
What Penetration Testing Is – and Why Your Organization Should Be Using It Read More »
It has finally arrived, the Cybersecurity Maturity Model Certification (CMMC) version (v) 1.0. CMMC v1.0 changes the DOD acquisition process with certification becoming a pre-RFP requirement to bid a government contract. Like you, CyberSheath has been aggressively following the CMMC’s
DOD Releases CMMC Version 1.0 Read More »
You have completed your NIST 800-171 security controls assessment to see how your company is doing in meeting the requirements of the standard. The evaluation revealed some gaps within your organization’s implementation of the solutions, tools, and processes you have
Top Five Most Difficult Security Controls to Implement Under NIST 800-171 Read More »
There is a lot your organization is already doing that you can apply to your preparation for the impending launch of CMMC (Cybersecurity Maturity Model Certification). One important and useful component to consider is a Plan of Action and Milestones (POA&M or
What Is a POAM and Why It Matters for CMMC Read More »
As you are probably aware, there is a new mandatory certification model that will be required to do business with the Department of Defense (DOD). The CMMC (Cybersecurity Maturity Model Certification) builds on best practices established in NIST 800-171 (DFARS),
CMMC Update: Steps for Effective CMMC Standard Preparation Read More »
Your assessment is behind you. You have been working to create a System Security Plan (SSP) detailing a Plan of Action & Milestones (POA&Ms) based on your assessment findings. Your goal, to remediate gaps discovered to ensure NIST 800-171 compliance
Three Things to Consider Before Starting Your NIST 800-171 Implementation Read More »
Cybersecurity requirements for Department of Defense (DOD) contractors continue to evolve. However, NIST 800-171 compliance is as much required by law today as it was on the December 2017 deadline. In fact, with the introduction of the Cybersecurity Maturity Model
Webinar: Understanding DOD CMMC and NIST 800-171 Revisions Read More »
Have contractors implemented the NIST 800-171 controls? DOD Inspector General (IG) audit suggests not, recommends third-party audits. Are you ready?
A recent audit conducted in response to a request from the Secretary of Defense determined that DOD contractors did not consistently implement DOD‑mandated system security controls for safeguarding Defense information. Specifically, Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 requires contractors that maintain Controlled Unclassified Information (CUI) to implement security controls specified in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, which lists security requirements for safeguarding sensitive information on non-Federal information systems. The requirements include controls for user authentication, user access, media protection, incident response, vulnerability management, and confidentiality of information.
Recent DOD Audit on Controlled Unclassified Information Finds Contractors Not Secure Read More »
CyberSheath has attended multiple listening sessions and events with DOD leadership revealing more information regarding the DOD Cybersecurity Maturity Model Certification (CMMC). I want to expand on our previous blog with the additional details and actionable plans on what DOD contractors need to do to prepare for the changes.
What We Understand about CMMC so Far
CMMC stands for “Cybersecurity Maturity Model Certification” and will encompass multiple maturity levels that range from “Basic Cybersecurity Hygiene” to “Advanced”. The intent is to identify the required CMMC level in Request for Proposals (RFP) sections L and M to be used as a “go / no go decision.” This means that instead of the ability to bid and win a contract and then comply post-award with cybersecurity requirements, DOD contractors will have to be certified to the CMMC level required in advance, pre-bid, to even be eligible to bid.
