CMMC Waiver Process & May 2022 Updates
By Chor-Ching Fan & David Trout Contractors awaiting an update from the DoD rulemaking process to firm up CMMC requirements recieved some insight into [...]
Do or Delegate…Achieving Compliance in a Shared Responsibility World
By Chor-Ching Fan & David Trout Businesses can relieve many security and compliance burdens by using cloud services provided by Amazon AWS or Microsoft [...]
Common Core Controls – A Strategy Rizkly Supports
By Chor-Ching Fan When facing a tight compliance deadline, you might not want to think about anything but satisfying the security controls that you [...]
Summary of Proposed CMMC 2.0 Requirements
By Chor-Ching Fan & David Trout In a letter dated November 1, 2021 from Patricia L. Toppings, OSD Federal Register Liason Officer, the DoD [...]
The Compliance Advisory Cost Conundrum
By David Trout & Chor-Ching Fan Today, businesses of all sizes face growing challenges from compliance requirements. Staying in compliance requires more skill, experience, and knowledge than ever before. Having [...]
ICS/SCADA: Security and Compliance for Critical Infrastructure
By Celia Baker Security is vital for the continued performance and safety of the Industrial Control Systems (ICS) that help manage operations for oil and gas refineries, nuclear plants, transportation [...]
DoD Revs Up Emphasis on 800-171 with Scoring Requirement
By Chor-Ching Fan When the recently released CMMC Interim Rule (DFARS Case 2019-D041) takes effect on November 30, 2020, the Department of Defense (DoD) will require defense contractors to self-report [...]
DFARS & CMMC: Remediations Strategies & The Role of POAMs
Cyber Bytes Foundation, TCecure and Rizkly team up to share DFARS and CMMC remediation strategies and discuss the role of POAMs to enhance your [...]
Unpacking DFARS 800-171 R2 & CMMC 1.0 Requirements
Cyber Bytes Foundation and Rizkly unpack the NIST 800-171 and CMMC requirements, review operational impacts and discuss the elements of addressing each practice/control. Download [...]
Rizkly experts will advise, guide and review hardware and software technology changes to ensure that they address specific compliance controls but we do not perform the actual implementation work. Over the years, we have a developed a trusted ecosystem of partners who offer effective and affordable solutions to expedite remediation of security and compliance gaps. We will gladly refer you to appropriate partners if and when the need arises. Creating policies, procedures and other artifacts are also a key part of compliance remediation efforts and these are activities that our advisors do perform using powerful Rizkly features for policies and procedures.
Rizkly cybersecurity compliance advisors will work with you through the entire lifecycle of your compliance initiative. We will scale up/down depending on specific need, and we co-create our involvement in the early stages of the project. Typical project activities include:
- Gain an understanding of your business, your clients, your system(s), and your anticipated compliance requirements
- Educate your team members on compliance requirements, how to leverage the Rizkly app and what will be expected throughout the effort
- Develop the system ‘boundary’, and what will be in scope for compliance purposes
- Draft a system architecture diagram that clearly depicts the system boundary
- Review existing documentation and work with your team members to understand system and process specifics
- Perform a high level gap assessment to determine what controls are in place and operating effectively, and where there are gaps
- For each gap determine a detailed plan of action to remediate
- Collaborate as needed with personnel (staff and/or your vendors) during remediation.
- Provide advisory support, develop documentation, design controls, review evidence, audit prep, etc.
- Ensure that all artifacts and control implementation statements are effectively captured in Rizkly
- Educate your team on how to leverage Rizkly to generate audit-ready documentation such as SSPs, POAM reports and SPRS scoring
- Post-remediation ensure that all controls are in place and operating effectively
