What is the Difference Between DFARS and CMMC?

DFARS featured

Security and compliance are paramount in the defense industry–even for unclassified information, like Controlled Unclassified Information (CUI). The operations of these particular industries call for the utmost discretion, and all stakeholders must be on the same page. 

As modern digital infrastructure makes its way into the defense supply chain, it’s equally crucial for contractors and business operators to meet these exact requirements. That’s why the Department of Defense (DoD) has created two different cybersecurity frameworks over the past few decades–the Defense Acquisition Federal Regulation Supplement (DFARS) and the Cybersecurity Maturity Model Certification (CMMC) framework.

 

Read More

NIST SP 800-171 vs. 800-172: What’s the Difference?

NIST SP 800-171 featured

The unveiling of CMMC 2.0 last November raised a lot of questions, but also brought a lot of relief. The streamlining of security around Controlled Unclassified Information (CUI) will help defense agencies and contractors better secure their systems without burdening them with operational overhead. This is crucial for organizations who want to support these agencies but don’t know much about either NIST SP 800-171 or NIST SP 800-172, the core documents of CMMC.

 

Read More

Do I Need a Certified Third-Party Assessment Organization (C3PAO) Under CMMC 2.0?

CMMC 2.0

The DoD recently released its framework for the next model in CMMC compliance and audits–CMMC 2.0. This revision is expected to streamline the compliance process and trim some of the extraneous requirements from the framework, helping contractors in the DoD supply chain better meet their requirements without introducing unnecessary challenges or redundancies. 

One of the more important aspects of CMMC certification is the inclusion of third-party audits. With the introduction of CMMC 2.0, these requirements have changed to make certification easier for contractors without sacrificing security. 

Read More