CMMC has become a strict, rigorous set of regulations for contractors working with the Defense Department. It is a clear map of maturity and capabilities; its implementation of NIST 800-171 controls; and its call for complete compliance before certification make CMMC audits challenging for many unprepared businesses. Unlike other frameworks, CMMC doesn’t allow documents like a Plan of Action and Milestones (POA&M) to stand in for actual compliance. 

CMMC 2.0 seems to change that. Here, we will discuss a POA&M and what it means within the CMMC framework. 

Read More

Of all the upheavals and challenges we’ve seen in the past few years; cybersecurity is one of the most important topics emerging in 2021. Newsworthy attacks on SolarWinds and Colonial Pipelines have prompted the White House to release an executive order dictating a new set of collective cybersecurity standards for government agencies and contractors. Following that, private companies associated with the supply chain have also begun to adopt stricter security controls based on their risk profiles and reliance on cloud-based service providers. All of these organizations, from agencies to contractors to utility companies, are turning to cybersecurity as-a-service models to meet these demands. 

It seems like everything is “a service” these days, but it is important to realize that as modern cybersecurity threats evolve, it’s nearly impossible for individual organizations to keep up. Dedicated, expert compliance and security firms are rising to fill the gap and keep our systems safe. 

Read More

Cybersecurity is integral to any data-driven business, but building an effective cybersecurity apparatus can be challenging, if not outright daunting. Outside of industry-specific regulations, simply grasping the complexity of modern security threats and IT infrastructure has become an intellectual discipline on its own. That’s why compliance frameworks exist to help companies like yours best implement environments that can meet modern cyber threats.

One organization, the ISO, has dedicated significant resources to develop best practices and frameworks for organizations like yours to build effective and scalable cybersecurity systems that meet both the challenges of modern threats and the demands of modern compliance. ISO has released a series of documents, called the ISO 27000 series, to speak directly to these challenges. 

While we have previously discussed ISO 27001 and its importance to data-driven businesses, we will now expand that discussion into the next document, ISO 27002, and why it’s important to your organization. 

Read More