With all the shifts in cybersecurity, one framework has been steadily solidifying requirements and expectations: CMMC. With the revision of CMMC 2.0 and the following feedback from vendors and the industry, it has been a years-long process to get this framework in place. Now, contractors in the DIB are seeing that framework become concrete requirements. 

With the October and November deadlines approaching, organizations in the DoD supply chain must understand what’s coming and what they should do. 

Read More

To meet CMMC requirements, organizations need a security strategy that integrates technology, people, and policies. It is important to know when to use IT solutions and when to involve HR and leadership so everyone works toward the same goals.

If you are a Department of Defense contractor preparing for CMMC certification, remember that people and policies are as important as technology.

Read More

A FedRAMP Moderate baseline, now classified as Class C under the updated FedRAMP 20x framework, requires documentation and validation of over 300 controls–not an insignificant number, regardless of the enterprise. 

Modern IT, however, rests on a network of digital infrastructure and vendor-supplied applications. If your app runs on a FedRAMP-authorized infrastructure provider, you benefit from the fact that those providers have already invested years and tens of millions of dollars in proving the security of systems to a Third Party Assessment Organization (3PAO). 

By maximizing your Customer Responsibility Matrix (CRM) and building an inheritance-first architecture, organizations can offload their documentation and assessment burden to their underlying provider, reducing total time-to-ATO by 30% or more. 

Read More