What is CMMC 2.0 and, Why Is the Defense Department Changing Requirements?

cmmc 2.0 featured

The Cybersecurity Maturity Model Certification (CMMC) framework is a relatively new yet still partially implemented set of cybersecurity regulations targeting DoD agencies and contractors. The DoD specifically built the rules to address the IT infrastructure and security practices needed to handle Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). After a lengthy review, the DoD has, as of November 2021, released an updated version of CMMC, known colloquially as CMMC 2.0.

What is CMMC 2.0? We’ll cover some of the more significant changes here, what this means for DoD contractors, and how you can prepare for the change.

Read More

What is NIST SP 800-171 and What Role Does it Play in Defense Contracting Compliance?

NIST 800-171 featured

The document library of the NIST website can be daunting and seemingly endless in terms of the various frameworks, controls and requirements that it provides. The 800 series, in particular, while important and, in many cases, necessary, is also hard to penetrate if you don’t already have some knowledge of what it contains. This can challenge organizations working with the DoD supply chain, especially those handling classified or sensitive material. 

This article will cover one of these publications: NIST 800-171. This document defines security for a specific form of government information that many contractors under the executive or defense departments: CUI. While important, this document also informs several important security frameworks, namely CMMC.

 

Read More

Understanding CMMC: Watch Out for Unauthorized Training Providers

cmmc auditing

The Cybersecurity Maturity Model Certification (CMMC) framework is a new and evolving compliance standard for contractors working with agencies under the Department of Defense (DoD) or select Executive Branch functions. 

Much of this framework focuses on the readiness of a contractor to manage risk and security in their IT systems, and the capabilities they have to handle Controlled Unclassified Information (CUI). Since this is such a new framework, however, there is a push to train cybersecurity auditors and managed service providers who can successfully audit contractors in the upcoming years. Accordingly, there are plenty of companies out there advertising that they can provide training for CMMC audits and implementation. 

You must vet any organization that claims they can provide authorized instruction or assessments for CMMC authorization. 

 

Read More