By Connor Payne With CMMC generally consisting of a “follow the data” exercise, DoD contractors often underestimate their reliance on third-party vendors to store, protect, process, or transmit CUI data. Many small and midsize businesses (SMBs) rely heavily on managed service providers (MSPs) and even more refined services such as managed security service providers (MSSPs), [...]
By Connor Payne Inherited controls from a cloud service provider such as Amazon Web Services (AWS) or Microsoft Azure include physical and environmental controls that a customer fully inherits from the provider. In general terms, shared responsibility means that the cloud service provider is responsible for the security of the cloud while the customer is [...]
By Greg Kent “Follow the CUI.” That is the standard practice that DoD contractors follow to determine exactly what system components and networks are within the scope boundary for Level 3 Cybersecurity Maturity Model Certification (CMMC) compliance. Any system, network, or component that is used to store, process, transmit, or secure CUI should be included [...]
By Tobias McCurry Although remote access into corporate networks isn’t new, such widespread, continuous use of remote access is. Organizations very early on identified capacity issues, but some legacy security risks in remote access solutions may be exacerbated by the extensive use of remote access under a widespread work from home scenario. Accordingly, it may [...]
By Josh Griswell One approach that contractors can take in approaching CMMC is including all of their infrastructure within the scope boundary for a CMMC certification. This means that all of the company’s components and devices would have to follow the processes and practices required by CMMC. The larger the company’s environment, the more complex [...]
By Corey Clements Protecting the Country’s Data Ask what data can do for you but also ask what is required to protect your organization’s data. Data is only valuable when it provides insight for better actions. Stats and facts collecting database dust yields no benefits. But in order to analyze and share data, it must [...]
By Corey Clements In order to be useful, data must be analyzed and shared, while also being adequately protected to ensure security, compliance, and privacy. And that is the purpose of Executive Order 13556, which established the Controlled Unclassified Information (CUI) Program. Our earlier blog addressed how this EO standardized the way the executive branch [...]
By Corey Clements Cybersecurity concerns are driving a tougher stance from DoD on contractors and their implementation of security controls to protect controlled unclassified information (CUI). The Department of Defense has released new guidance and memos for contractors complying with NIST 800-171. Defense and procurement experts are characterizing the latest policies as more rigorous enforcement [...]
