Cloud and IT services in federal and defense markets are a booming business. The national infrastructure is turning to stable and flexible IT infrastructure to help mobilize the supply chain in a way that can meet modern security and domestic challenges. Accordingly, many businesses are turning to new certification frameworks like CMMC to support contracting in these areas. 

Here we’re talking about what it means to prepare for CMMC certification. Contrary to popular belief, there are steps you can take to prepare before you even meet with a professional auditor to help that partner better serve you and streamline your compliance process. 

Read More

CMMC, RMF, FedRAMP, NIST 800-171, NIST 800-53, DFARS… there are a lot of terms, documents and requirements are thrown around when it comes to federal and defense contracting. Many of these items overlap to help contractors guarantee compliance and security, but without a clear understanding of their relationships, it’s easy to lose sight of the forest due to the trees. 

Here, we’ll cover some of the complications related to the upcoming CMMC migration for DoD contractors. This includes a comparison of CMMC against NIST 800-171 and DFARS, and what that means for contractors now and in the future. 

Read More

Any IT or cloud provider working with the government needs to show that they are secured against data breach or theft. As the SolarWinds hack has demonstrated, our interconnected technology systems are under attack from outside entities who want to gain access to critical civil, military, and industrial data and undermine our security. That’s why frameworks like FedRAMP and CMMC exist. 

But do these frameworks play well together? As of right now, there isn’t a clear 1-to-1 relationship between the two. But some similarities between the two could help cloud service providers who want to work with defense agencies prepare their systems for CMMC compliance if they currently have FedRAMP certification. 

Read More