Do I Need a Certified Third-Party Assessment Organization (C3PAO) Under CMMC 2.0?

Nov 24, 2021 Lazarus Alliance 0 Comment

The DoD recently released its framework for the next model in CMMC compliance and audits–CMMC 2.0. This revision is expected to streamline the compliance process and trim some of the extraneous requirements from the framework, helping contractors in the DoD supply chain better meet their requirements without introducing unnecessary challenges or redundancies.

One of the more important aspects of CMMC certification is the inclusion of third-party audits. With the introduction of CMMC 2.0, these requirements have changed to make certification easier for contractors without sacrificing security.

What is CMMC 2.0 and, Why Is the Defense Department Changing Requirements?

Nov 10, 2021 Lazarus Alliance 0 Comment

The Cybersecurity Maturity Model Certification (CMMC) framework is a relatively new yet still partially implemented set of cybersecurity regulations targeting DoD agencies and contractors. The DoD specifically built the rules to address the IT infrastructure and security practices needed to handle Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). After a lengthy review, the DoD has, as of November 2021, released an updated version of CMMC, known colloquially as CMMC 2.0.

What is CMMC 2.0? We’ll cover some of the more significant changes here, what this means for DoD contractors, and how you can prepare for the change.

What is Meaningful Use and How Does it Relate To HIPAA and HITECH?

Nov 3, 2021 Lazarus Alliance 0 Comment

Healthcare data and privacy have been a priority for lawmakers and IT professionals for decades. Maintaining privacy related to health information, and giving ownership and agency over disclosure to patients, drives current regulations around Personal Health Information (PHI). The most important of these regulations, HIPAA, has undergone various changes and revisions over time to meet modern security demands. One of these changes, the implementation of HITECH and digital record keeping, includes several additional rules on managing digital health records, including the concept of “meaningful use.”

Here, we will discuss what it means when HITECH legal language encourages the meaningful use of health records and how that can impact compliance and security.