ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.
CMMC, RMF, FedRAMP, NIST 800-171, NIST 800-53, DFARS… there are a lot of terms, documents and requirements are thrown around when it comes to federal and defense contracting. Many of these items overlap to help contractors guarantee compliance and security, but without a clear understanding of their relationships, it’s easy to lose sight of the forest due to the trees.
Here, we’ll cover some of the complications related to the upcoming CMMC migration for DoD contractors. This includes a comparison of CMMC against NIST 800-171 and DFARS, and what that means for contractors now and in the future.
“Resiliency” is a word that gets thrown around a lot by professionals interested in the continuity of business in times of disruption. The fact is that depending on the industry and business model, resiliency is more akin to a science than anything else. Professionals measure things like logistics, statistics, risk and operational effectiveness to balance preparedness and operational efficiency.