The Cybersecurity Maturity Model Certification (CMMC) framework of regulations is a relatively new governing document that combines several cybersecurity and risk management requirements to streamline security and compliance for agencies and contractors in the Defense Industrial Base (DIB) supply chain. 

Even though all DoD agencies do not yet require this framework, its roadmap suggests that it will become a requirement in the coming years.

Central to CMMC regulations are three security levels, each determining the data a contractor can manage in their systems. These levels are distinguished by an escalating series of requirements regarding an organization’s technical capabilities and abilities. 

Read More

Cloud and IT services in federal and defense markets are a booming business. The national infrastructure is turning to stable and flexible IT infrastructure to help mobilize the supply chain in a way that can meet modern security and domestic challenges. Accordingly, many businesses are turning to new certification frameworks like CMMC to support contracting in these areas. 

Here we’re talking about what it means to prepare for CMMC certification. Contrary to popular belief, there are steps you can take to prepare before you even meet with a professional auditor to help that partner better serve you and streamline your compliance process. 

Read More

CMMC, RMF, FedRAMP, NIST 800-171, NIST 800-53, DFARS… there are a lot of terms, documents and requirements are thrown around when it comes to federal and defense contracting. Many of these items overlap to help contractors guarantee compliance and security, but without a clear understanding of their relationships, it’s easy to lose sight of the forest due to the trees. 

Here, we’ll cover some of the complications related to the upcoming CMMC migration for DoD contractors. This includes a comparison of CMMC against NIST 800-171 and DFARS, and what that means for contractors now and in the future. 

Read More