The Compliance Advisory Cost Conundrum
By David Trout & Chor-Ching Fan Today, businesses of all sizes face growing challenges from compliance requirements. Staying in compliance requires more skill, experience, and knowledge than ever before. [...]
DoD Revs Up Emphasis on 800-171 with Scoring Requirement
By Chor-Ching Fan When the recently released CMMC Interim Rule (DFARS Case 2019-D041) takes effect on November 30, 2020, the Department of Defense (DoD) will require defense contractors to [...]
DoD CMMC 1.0 Spec Released! What are My Options?
DoD CMMC 1.0 Spec Released! What are My Options? By Chor-Ching Fan and David Hall The DoD Cybersecurity Maturity Model Certification (CMMC) intends to be the new best way [...]
CMMC Says Goodbye to POAMs
By Chor-Ching Fan Under NIST SP 800-171, Department of Defense (DoD) contractors were considered compliant if they could demonstrate a plan for meeting security requirements at a future date. [...]
GOV FUNDS FOR SMBs CYBER SAFETY
By David Trout Many small-and medium-sized businesses (SMBs) are more vulnerable to cyberattack than large enterprises, due to their limited knowledge of cybersecurity practices and budget constraints. A recently [...]
CMMC COMPLIANCE DEADLINE SET FOR DoD CONTRACTORS
By Chor-Ching Fan With theft of Controlled Unclassified Information (CUI) on the rise, DoD announced the Cybersecurity Maturity Model Certification (CMMC) program on May 24, 2019. CMMC will require [...]
THE BEST SOLUTION FOR 800-171 SUCCESS
by David Trout When working in the federal IT space, next to proactive security, compliance is everything. Thousands of pages of requirements exist between the Federal Acquisition Regulation (FAR) [...]
WHAT IS CUI AND WHERE IS IT?
By David Trout Controlled Unclassified Information (CUI) is what NIST 800-171 is all about. Once you figure out what it is, then you need to know where it is, [...]
NIST CONTROL REQUIREMENTS SEEM VAGUE?
By David Trout NIST 800-171 security controls are purposely designed to be broad, so that individual contractors can adapt them to their operations. While this non-specific approach supports a [...]
WHAT DO I DO IF I HAVE IDENTIFIED 800-171 GAPS?
By Chor-Ching Fan Finding areas where your security controls are lacking does not mean NIST 800-171 compliance is out of reach. If you are unable to meet all NIST [...]