The Cybersecurity Maturity Model Certification (CMMC) framework is a relatively new yet still partially implemented set of cybersecurity regulations targeting DoD agencies and contractors. The DoD specifically built the rules to address the IT infrastructure and security practices needed to handle Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). After a lengthy review, the DoD has, as of November 2021, released an updated version of CMMC, known colloquially as CMMC 2.0.

What is CMMC 2.0? We’ll cover some of the more significant changes here, what this means for DoD contractors, and how you can prepare for the change.

Read More

It makes sense that some of the more powerful and rigorous security regulations are in the federal government. As federal agencies turn to third-party IT vendors to fulfill their missions, the demand for transparent, translatable and effective security regulations is only increasing. That’s why NIST 800-53, now on its fifth revision, is so important for agencies and contractors alike. 

Here, learn more about NIST 800-53, why it is so important to government (and, increasingly, private sector) IT security and why it benefits you to consider adopting its standards. 

Read More

Some security regulations and recommendations, like FedRAMP, FIPS, or HIPAA, are required of any managed service providers working in specific industries like government or healthcare. Others, like Service Organization Control (SOC) compliance, are not always necessary but help demonstrate that security controls are in place to protect client data. Because of this fact, they are an essential part of an MSPs auditing structure.

Learn more about why your MSP should be using SOC auditing and compliance as part of its business model.

Read More