Rizkly 800-171 Rev 3
By Chor-Ching Fan & Dave Trout Proposed Changes to NIST SP 800-171 Revision 3 Enhance Cybersecurity Measures NIST SP 800-171 is a publication [...]
FedRAMP Authorization Act Now Codified
FedRAMP Authorization Act Codified Big news—the FedRAMP Authorization Act has been passed! What exactly does this mean? The FedRAMP Authorization Act is part of [...]
CMMC Waiver Process & May 2022 Updates
By Chor-Ching Fan & David Trout Contractors awaiting an update from the DoD rulemaking process to firm up CMMC requirements recieved some insight [...]
Do or Delegate…Achieving Compliance in a Shared Responsibility World
By Chor-Ching Fan & David Trout Businesses can relieve many security and compliance burdens by using cloud services provided by Amazon AWS or [...]
Common Core Controls – A Strategy Rizkly Supports
By Chor-Ching Fan When facing a tight compliance deadline, you might not want to think about anything but satisfying the security controls that [...]
Summary of Proposed CMMC 2.0 Requirements
By Chor-Ching Fan & David Trout In a letter dated November 1, 2021 from Patricia L. Toppings, OSD Federal Register Liason Officer, the [...]
The Compliance Advisory Cost Conundrum
By David Trout & Chor-Ching Fan Today, businesses of all sizes face growing challenges from compliance requirements. Staying in compliance requires more skill, experience, and knowledge than ever before. [...]
DoD Revs Up Emphasis on 800-171 with Scoring Requirement
By Chor-Ching Fan When the recently released CMMC Interim Rule (DFARS Case 2019-D041) takes effect on November 30, 2020, the Department of Defense (DoD) will require defense contractors to [...]
DoD CMMC 1.0 Spec Released! What are My Options?
DoD CMMC 1.0 Spec Released! What are My Options? By Chor-Ching Fan and David Hall The DoD Cybersecurity Maturity Model Certification (CMMC) intends to be the new best way [...]
CMMC Says Goodbye to POAMs
By Chor-Ching Fan Under NIST SP 800-171, Department of Defense (DoD) contractors were considered compliant if they could demonstrate a plan for meeting security requirements at a future date. [...]