How CMMC Impacts Subcontractors and Supply Chain Risk

Jun 4, 2025 Lazarus Alliance 0 Comment

A keyboard superimposed with several symbols, including a padlock.

While most of the focus of CMMC is on primary contractors, subcontractors (especially small and mid-sized firms) play an equally critical role in ensuring information security across the supply chain. As such, they are increasingly in the spotlight, both in terms of compliance requirements and as focal points for supply chain risk.

However, their smaller size and limited resources often make them more vulnerable to cyber threats. Attackers have long targeted the weakest links in the supply chain, and subcontractors usually serve as such entry points. The DoD’s implementation of CMMC aims to address this by enforcing standardized cybersecurity practices at every tier of the supply chain.

Startups in CMMC: Scaling Compliance Without Enterprise Resources

Feb 5, 2025 Lazarus Alliance 0 Comment

a neon screen of computer symbols with red triangles

For startups in the defense sector, CMMC is a double-edged sword. On the one hand, working in the DIB is a massive opportunity for most startups. Conversely, the costs and complexity of compliance can overwhelm lean teams with limited resources. This is why startups increasingly turn to CSPs and MSPs to achieve CMMC compliance without the overhead of enterprise-scale investments. Here’s how they’re doing it.

The Evolution of FedRAMP in 2024

Dec 30, 2024 Lazarus Alliance 0 Comment

2024 has been a watershed year for FedRAMP, ushering in significant structural, procedural, and technological advancements to the program meant to streamline authorization and make bringing cloud products to federal agencies easier.

From new governance to new paths to authorization, we’re recapping FedRAMP’s changes in 2024.