There are several compliance standards for federal and defense cybersecurity. CMMC, FedRAMP, the Cybersecurity Framework (CSF) and the Risk Management Framework (RMF) all serve critical functions in protecting government IT systems and associated vendor products and services.

Behind all of these frameworks are crucial security publications, each one serving a particular purpose in defining the practices, controls and procedures that organizations can use to meet their compliance demands. We’ve previously covered such documents as NIST 800-53 and NIST 800-171, showing how these documents play a role in national cyber defense.

In this article, we’ll discuss two more guidelines: Federal Information Processing Standard (FIPS) 199 and FIPS 200.

Read More

The DoD recently released its framework for the next model in CMMC compliance and audits–CMMC 2.0. This revision is expected to streamline the compliance process and trim some of the extraneous requirements from the framework, helping contractors in the DoD supply chain better meet their requirements without introducing unnecessary challenges or redundancies. 

One of the more important aspects of CMMC certification is the inclusion of third-party audits. With the introduction of CMMC 2.0, these requirements have changed to make certification easier for contractors without sacrificing security. 

Read More

The Cybersecurity Maturity Model Certification (CMMC) framework is a relatively new yet still partially implemented set of cybersecurity regulations targeting DoD agencies and contractors. The DoD specifically built the rules to address the IT infrastructure and security practices needed to handle Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). After a lengthy review, the DoD has, as of November 2021, released an updated version of CMMC, known colloquially as CMMC 2.0.

What is CMMC 2.0? We’ll cover some of the more significant changes here, what this means for DoD contractors, and how you can prepare for the change.

Read More