DoD CMMC 1.0 Spec Released! What are My Options?
DoD CMMC 1.0 Spec Released! What are My Options? By Chor-Ching Fan and David Hall The DoD Cybersecurity Maturity Model Certification (CMMC) intends to be the new best way [...]
CMMC Says Goodbye to POAMs
By Chor-Ching Fan Under NIST SP 800-171, Department of Defense (DoD) contractors were considered compliant if they could demonstrate a plan for meeting security requirements at a future date. [...]
GOV FUNDS FOR SMBs CYBER SAFETY
By David Trout Many small-and medium-sized businesses (SMBs) are more vulnerable to cyberattack than large enterprises, due to their limited knowledge of cybersecurity practices and budget constraints. A recently [...]
CMMC COMPLIANCE DEADLINE SET FOR DoD CONTRACTORS
By Chor-Ching Fan With theft of Controlled Unclassified Information (CUI) on the rise, DoD announced the Cybersecurity Maturity Model Certification (CMMC) program on May 24, 2019. CMMC will require [...]
THE BEST SOLUTION FOR 800-171 SUCCESS
by David Trout When working in the federal IT space, next to proactive security, compliance is everything. Thousands of pages of requirements exist between the Federal Acquisition Regulation (FAR) [...]
WHAT IS CUI AND WHERE IS IT?
By David Trout Controlled Unclassified Information (CUI) is what NIST 800-171 is all about. Once you figure out what it is, then you need to know where it is, [...]
NIST CONTROL REQUIREMENTS SEEM VAGUE?
By David Trout NIST 800-171 security controls are purposely designed to be broad, so that individual contractors can adapt them to their operations. While this non-specific approach supports a [...]
WHAT DO I DO IF I HAVE IDENTIFIED 800-171 GAPS?
By Chor-Ching Fan Finding areas where your security controls are lacking does not mean NIST 800-171 compliance is out of reach. If you are unable to meet all NIST [...]
BOUNDARY SMOUNDARY…JUST TELL ME WHERE IT IS!
By David Trout With today’s integrated information systems it can be a challenge to understand where one system ends and another begins. Getting the system boundary right can make [...]
NIST 800-171 COMPLIANCE…ARE WE THERE YET?
By Chor-Ching Fan The adage “your greatest strength is also your worst weakness” applies to compliance frameworks too. NIST 800-171 requirements were designed to be flexible, which turns out [...]