Cyber threats continue to grow in complexity and sophistication. To address this evolution, the Department of Defense has introduced the Cybersecurity Maturity Model Certification (CMMC) 2.0 to ensure that defense contractors maintain robust cybersecurity practices to protect Controlled Unclassified Information (CUI). 

To address one of the most important processes in modern security (risk management), CMMC 2.0 includes some risk assessment requirements. 

This article will explore risk management’s vital role in achieving CMMC 2.0 compliance and its connection to the National Institute of Standards and Technology (NIST) guidelines, specifically NIST SP 800-171. We will delve into the various control families of NIST 800-171 and 800-172, their impact on risk management, and the steps organizations can take to address potential risks effectively.

Read More

With the Department of Defense unveiling CMMC version 2.0 last November, many contractors breathed a sigh of relief. The relaxed assessment requirements and streamlined structure signaled a willingness from the DoD to work with assessors and contractors to find a way to promote security over Controlled Unclassified Information (CUI) without making the process harder than it needed to be. 

Read More

Security and compliance are paramount in the defense industry–even for unclassified information, like Controlled Unclassified Information (CUI). The operations of these particular industries call for the utmost discretion, and all stakeholders must be on the same page. 

As modern digital infrastructure makes its way into the defense supply chain, it’s equally crucial for contractors and business operators to meet these exact requirements. That’s why the Department of Defense (DoD) has created two different cybersecurity frameworks over the past few decades–the Defense Acquisition Federal Regulation Supplement (DFARS) and the Cybersecurity Maturity Model Certification (CMMC) framework.

Read More