The “Missing Link” for DoD CMMC Compliance: Introducing CyberSheath’s Managed IT for Defense Contractors

By Larry White • February 2, 2021

CyberSheath is excited to announce the availability of a new service offering specifically designed for defense contractors required to ensure compliance from their managed IT providers. This new Managed IT Services for Defense Contractors offering future-proofs your environment against changes in regulatory scope and interpretation and/or increased scrutiny of your compliance with DoD contracting over the long term. It is clear that the US Government is becoming less patient with lapses in the Defense Industrial Base's (DIB) regulatory compliance in IT management and, paradoxically, cyberthreats are increasing at the same time. Legacy IT delivery models are failing every day because the lines between IT and security, and who is accountable for specific requirements, have permanently blurred.

With big-picture strategic challenges like avoiding nation-state cyber-attacks and industrial espionage, sorting out roles and responsibilities between IT and security is the last thing defense contractors need to worry about.

CyberSheath has long recognized that a large part of IT delivery, things like patching and asset management, is foundational to NIST 800-171 and CMMC compliance, which is why we are offering a force-multiplying solution for Managed IT services. This offering is only available to defense contractors and is uniquely built to make CMMC and NIST 800-171 compliance a natural outcome of day-to-day operations.

What is the DIB Managed Service Provider Compliance Problem?

Defense contractors have a special responsibility to the DoD in ensuring supply chain integrity and trustworthiness and, as a result, must adhere to cybersecurity requirements outlined across a variety of Federal Regulations, including:

FAR: 52.204.21 (calls for 15 cybersecurity controls inclusive of specific verbatim pass through / down verbiage to subcontractors and service providers handling Federal Contracting Information (FCI)-Type data)

DFARS: 252.204-7012 (calls for 110 cybersecurity controls inclusive of specific verbatim pass through / down verbiage to subcontractors and service providers handling Controlled Unclassified Information (CUI)-type data)

DFARS: 252.204-7019-21 directs the DIB to the newly created CMMC Advisory Board for guidance on third-party-providers (TPPs). For reference, the latest guidance from the CMMC AB is as follows:

OSCs who use cloud services must meet requirements that differ from C3PAOs.

1) Companies under the current DFARS 7012 using cloud services or products that receive, transmit, store, and secure CUI on or behalf of the contractor must meet requirements as described in the DoD Procurement Toolbox, Cybersecurity FAQ (Below in part in comments). Remember: The DoD prime/subcontractor is responsible to ensure that the CSP meets the requirements at 252.204-7012 (b)(2)(ii)(D).

2) Organizations Seeking Certification (OSC) for CMMC L3 using external service providers/cloud services involving CUI must apply the DOD FAQ and consider the impact/evidence required for inherited practice or process objectives as discussed in the v1.10 CMMC L3 Assessment Guide, “A practice or process objective that is inherited is met because adequate evidence is provided that the enterprise or another entity, such as an External Service Provider (ESP), performs the practice or process objective.” See CMMCab.org for official policy/guidance. 

Introducing CyberSheath’s New Managed IT for Defense Contractor Service!

CyberSheath’s Managed IT Services for Defense Contractors delivers world-class IT service delivery, integrated with cybersecurity and enabling the documented evidence required to successfully pass a compliance audit or prove certifiable to the next government RFP / RFI. Andy Shooman, CyberSheath’s COO, opines, “We’ve been future proofing our customers from policy and technology changes related to CMMC since our managed services debuted in 2015 and our managed IT services eliminate the finger pointing between IT and security, giving our customers one vendor to hold accountable. The fact is 60% or more of cyber security requirements touch IT in some way and that has to be accounted for as part of an overall compliance posture.”

Our Managed IT Services for Defense Contractors solution makes the disconnected IT and security functions compliant, integrated, and auditable.

Base Service Offering: Manage the following in a compliant, cost-effective manner for a US Defense Contractor:

    • Endpoint Management/Support Remote Access via VPN
    • Email
    • Identity & Access Management
    • Firewall & Network Management
    • Operating System and Network Device Patch Management
    • Infrastructure Configuration Management

Provide 24/7/365 Support for the following:

    • Support Ticket Management
    • Help Desk / Problem Resolution
    • End User Support Requests
    • Change Management
    • Asset/Configuration Management
    • System Availability / Outages

 Our Premium Service, in addition to the services above, is to manage the following in a compliant manner for a US Defense Contractor:

    • VOIP Telephony
    • Data Storage
    • System Backups
    • O/M365 Office Suite (beyond Mail)

Benefits of the Managed IT Service for Defense Contractors include the following:

It is easy to deploy and maintain (fully outsourced) and you are COMPLIANT!

  • With CyberSheath’s Assured Compliance Commitment, we commit to having our infrastructure and managed IT services continuously assessed and certified as compliant with DFARS.
  • It is comprehensive technology, security, and governance to DFARS:
    • The Managed IT for Defense Contractors is a solution that is designed from the ground up to comply with DFARS cybersecurity requirements holistically.   
  • End-to-end deployment. 
    • You can combine this service with a world-class MSSP / security! Leveraging CyberSheath’s 24x7x365 Security Operations Center means someone is always watching the client’s network, freeing up resources so they can get on with other important business.
    • It’s effective risk management. Traditional information security / antivirus solutions will not stop polymorphic and zero-day threats. We also understand that providing defenses against nation-states’ unique offensive capabilities requires strong security programs. CyberSheath deploys best-of-breed compliance technology baselines, SIEM, Phishing Defense, cloud workload protections, threat and endpoint detection and response (EDR), continuous monitoring and cyber threat intelligence (CTI) solutions coupled with our experts in threat analysis and intelligence (i.e., you) that deliver actionable information to mitigate risks to a client’s organization.
    • We adjust to the changing threats automatically! Through robust managed compliance, we can adjust to a very robust compliance landscape and let your program rest assured that the proper descriptions, documentation, and adjustments are made so as to quickly identify potential threats. We combine the best of human expertise and known toolsets to keep a client’s organization up to date with compliance.
  • There are easy procurement options.  
    • Customized Solutions – Although we have preconceived compliance levels, we know every customer is different. So, in the end, our solutions are tailored to every client’s needs! We know deeply that different organizations require different levels of security. CyberSheath has packaged offerings, allowing you to easily ramp up your security for greater protection, without having to deal with multiple vendors or security resellers.
    • Flexibility – We have been on the ground floor of NIST/DFARS/CMMC for 12 years shaping, interpreting, and implementing DoD policy and requirements in a way that meets our customers where they are and keeps them in the game. There is no one-size-fits-all, and rigid implementation and interpretation will cripple your business with excessive cost and best-guess interpretations as to what the DoD is looking for.

 Why CyberSheath as a Managed IT Services Organization?

CyberSheath has over 8 years of experience providing information security services for our clients.

Moreover, CyberSheath’s personnel all have military or defense contracting (or both) as their heritage. Threats are global, ever changing, and require a specialized skillset to truly protect organizations. Our managed services staff includes experts with previous impressive roles at global defense contractors, managed security services organizations, and security software and hardware manufacturers, with Military Cyber Operations experience and multiple security and technical certifications, including CISSP.

  • Hundreds of successful NIST 800-171 / DFARS 252.204-7012 engagements over the last 8 years
  • CyberSheath was founded to deliver this solution and “born” out of a Fortune 500 defense contractor’s experience influencing and implementing evolving DoD cybersecurity policy and requirements.
  • “Skin in the game” – We have been through DoD audits, many, with DoD components validating our approach and the work we do. We will be onsite with your team throughout assessment, remediation, managed services, and your eventual audit.

If you are looking for DFARS-compliant Managed IT Services, we look forward to providing you a single point of accountability, not only for providing the requisite controls but also for implementing them across your IT infrastructure: true one-stop shopping.
