Archive for the ‘CMMC’ Category

Cyber Insurance Explained

Thursday, February 22nd, 2024

What To Know About Cybersecurity Insurance The cybersecurity insurance sector is in the midst of significant transformation. Escalating premiums, shifting prerequisites, and inconsistent standards within the industry present formidable hurdles for organizations seeking coverage. Now is a critical moment for these organizations to gain insight into the evolving landscape of cyber insurance and ascertain the […]

CMMC Security Awareness Training

Wednesday, August 23rd, 2023

CMMC v2.0 Definitive Guide for 2023 The cyber landscape is becoming more intricate by the day, especially for companies working within the Department of Defense (DoD) supply chain. One pivotal evolution in this sphere is the introduction of the Cybersecurity Maturity Model Certification (CMMC). At its heart lies the crucial concept of security awareness training. […]

NIST Requirements for Government Contractors

Monday, August 21st, 2023

A Comprehensive Guide to NIST Compliance In the dynamic world of government contracting, understanding and adhering to the National Institute of Standards and Technology (NIST) requirements is essential. These standards, particularly the NIST Special Publication 800-171, dictate how government contractors should manage and protect sensitive federal information. This guide provides an in-depth look at NIST […]

Google Cloud Penetration Testing

Monday, August 21st, 2023

Securing Your Cloud Infrastructure Google Cloud Penetration Testing: In today’s rapidly digitizing world, cloud environments have become essential to businesses of all sizes. With a massive surge in cloud adoption, ensuring security in these virtual environments is paramount. Google Cloud Platform (GCP) is a leading provider of cloud services, and penetration testing or “pen testing” […]

Government Contractor Cybersecurity

Monday, August 21st, 2023

Fortifying the Frontline of Public-Private Collaboration Government Contractor Cybersecurity is imperative in today’s hyper-connected era. The collaboration between governments and private entities is an integral part of national infrastructure and defense. Government contractors, serving as a bridge between bureaucratic mechanisms and cutting-edge private sector solutions, are a crucial link in this chain. As with all […]

Microsoft Azure Penetration Testing

Monday, August 21st, 2023

Microsoft Azure Penetration Testing

Penetration Testing and IT Managers

Thursday, August 17th, 2023

Why IT Managers Should Invest in 3rd Party Penetration Testing Penetration Testing and IT Managers should go hand in hand. In the rapidly evolving world of cybersecurity, one thing remains constant: the need for robust defense mechanisms against potential threats. IT managers, the gatekeepers of a company’s digital domain, are always on the lookout for […]

CMMC v2.1

Tuesday, August 15th, 2023

Elevating Cybersecurity Maturity for Defense Contractors The digital realm is a double-edged sword: while innovations have propelled industries to new heights, the accompanying cybersecurity threats have grown in tandem. Recognizing this, the Department of Defense (DoD) initiated the Cybersecurity Maturity Model Certification (CMMC). With the recent rollout of CMMC v2.1, defense contractors are required to […]

CMMC 2.0

Friday, November 26th, 2021

What DoD Contractors Need To Do While Waiting for CMMC updates The Department of Defense’s (DoD’s) Office of the Under Secretary of Defense for Acquisition and Sustainment recently issued a long-awaited overhaul to its Cybersecurity Maturity Model Certification (CMMC) program. The DoD introduced CMMC 2.0, which streamlines the CMMC program via a significant set of […]

US Government’s Cyber Security is a National Embarrassment

Friday, December 18th, 2020

We have been reporting for quite a while now that the cyber security within the US government, in general, is just NOT up to par.  The recent breach we have discussed over the last week or so really highlighted that fact.  It was well-known even before this Russian cyberattack but not much has really been […]

DoD Gets Ready for First CMMC Audits

Thursday, December 17th, 2020

The DoD will begin including CMMC cyber security requirements in select solicitations beginning in 2021. Are you ready? It’s really not surprising that the DoD is concerned, especially if you have been following along with our last few blog posts about the massive breach that has compromised major US Governmental departments. As you probably know, […]

The Hack that Keeps on Hacking

Tuesday, December 15th, 2020

Every day, the information we learn about the FireEye hack just keeps getting increasingly worse. Last week we wrote about the hack occurring; yesterday we reported that not only was FireEye impacted, but the US government was, as well… Along with businesses and other governments across the globe; and today, we are starting to understand […]

Must I Comply with the New DFARS Interim Rule?

Wednesday, November 11th, 2020

Based on some confusing and potentially conflicting information we have found, we thought it was extremely important to clarify all expectations that the DoD has of its primes, subs and vendors. From listening to podcasts, watching and attending webinars, and reading any and every publication and white paper we can get our hands on, one […]

NIST Dishonesty: What Happens When Contractors Aren’t Truthful

Monday, November 9th, 2020

Penalties: Case Studies (An Excerpt from Craig’s newest book: “Ultimate Guide to CMMC: How to Access Millions in Government Contracts”) As we have established, it is clear that the “self-reporting” and “honor system” for government contractors who are required to abide by NIST 800-171 to gain government contracts is NOT working. But just because everyone […]

URGENT DFARS UPDATE: Do Not Lose Your Contract!

Friday, November 6th, 2020

“CMMC certification is your Driver’s License on the Information Superhighway.” -Katie Arrington And if that’s the case (which it is), then the self-assessment required by the new DFARS Interim Rule is your permit… One that you must attain before December 1st, 2020 if you want to keep your car on the road- or your contract […]

Is HIPAA’s Security Rule Adaptive Enough to Stay Relevant?

Monday, April 6th, 2020

With the halt of HIPAA (Health Insurance Portability and Accountability Act of 1996) audits by the Department of Health and Human Services’ Office (HHS) for Civil Rights (OCR), the healthcare industry is seeing a decline of about 2% annually in compliance with HIPAA’s Security Rule (NIST 800-66).  With that, however, has been a rise in […]

How Avoiding Ransomware is like Avoiding the Coronavirus

Friday, March 13th, 2020

It’s no coincidence that the maturity levels in the new Cybersecurity Maturity Model Certification (CMMC) are being referred to as levels of “cyber hygiene.”  The World Health Organization (WHO) has been advising us that the most efficient way to protect against the Coronavirus (COVID-19) is to wash our hands regularly for at least 20 seconds […]

Understanding CMMC Maturity Levels (ML)

Thursday, February 27th, 2020

By this point, you should hopefully understand that the purpose of the Cybersecurity Maturity Model Certification (CMMC) is to simplify cybersecurity for federal contractors and sub-contractors. Katie Arrington, the DOD’s Chief Information Security Officer for Acquisition and Sustainment, noticed (quite aptly) that “self-certifying” just wasn’t cutting the cake, so to speak.  Hackers were targeting contractors, […]

US Blames Russia for Attack on Georgia

Wednesday, February 26th, 2020

State Department officials blamed the Russian military intelligence agency’s (GRU) Main Center for Special Technology (GTsST), for cyberattacks targeting the country of Georgia this past October; attacks that not only impacted thousands of websites, but actually disrupted two Georgian networks.  This is the first time the US State Department openly linked the GTsST to Sandworm, […]

Falling Down the CMMC Rabbit Hole

Wednesday, February 26th, 2020

Sometimes, government requirements and regulations can make you feel like you are Alice falling down new rabbit holes, trying to figure out just what exactly your business needs to do to win (and keep) your contracts and subcontracts. Do you need to be NIST certified? SP 800-53 or SP 800-171, or both?  What are FARS […]