The Department of Defense has recently released plans for CMMC 2.0, the revised standards for compliance and security in the DoD supply chain. Many contractors working with DoD agencies were already gearing up for CMMC 1.0, and now are left wondering what is next for them and their business.

The important thing to remember is that CMMC 1.0 hasn’t gone away, and as such it’s possible to continue on your current compliance path, based on any RFP requirements and streamline your path to CMMC 2.0 compliance.

Read More

Penetration testing is an increasingly common security practice for many businesses using sophisticated IT or cloud systems. Under CMMC, penetration testing is even more important because achieving higher levels of responsibility and capabilities calls for some form of penetration testing. 

Here we’re discussing how penetration testing plays into CMMC regulations and when you can begin to expect it as a requirement. 

Read More

The Cybersecurity Maturity Model Certification (CMMC) framework of regulations is a relatively new governing document that combines several cybersecurity and risk management requirements to streamline security and compliance for agencies and contractors in the Defense Industrial Base (DIB) supply chain. 

Even though all DoD agencies do not yet require this framework, its roadmap suggests that it will become a requirement in the coming years.

Central to CMMC regulations are three security levels, each determining the data a contractor can manage in their systems. These levels are distinguished by an escalating series of requirements regarding an organization’s technical capabilities and abilities. 

Read More