Multifactor Requirements for CMMC


By Greg Kent, Senior Vice President, CTO CMMC requirements for multifactor authentication (MFA) seems to stump many SMBs.  CMMC control IA.L2-3.5.3 requires Federal contractors to "Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts."  But what exactly does this mean? Understanding some NIST terminology is essential [...]

Multifactor Requirements for CMMC2022-06-08T19:14:04+00:00

Clarifying Cloudy Responsibilities for CMMC Success


By Connor Payne With CMMC generally consisting of a “follow the data” exercise, DoD contractors often underestimate their reliance on third-party vendors to store, protect, process, or transmit CUI data. Many small and midsize businesses (SMBs) rely heavily on managed service providers (MSPs) and even more refined services such as managed security service providers (MSSPs), [...]

Clarifying Cloudy Responsibilities for CMMC Success2022-05-12T19:00:16+00:00

Shared Responsibilities: You’re Not (Totally) Off the Hook


By Connor Payne Inherited controls from a cloud service provider such as Amazon Web Services (AWS) or Microsoft Azure include physical and environmental controls that a customer fully inherits from the provider. In general terms, shared responsibility means that the cloud service provider is responsible for the security of the cloud while the customer is [...]

Shared Responsibilities: You’re Not (Totally) Off the Hook2022-06-08T19:13:25+00:00

CMMC, Take 2.0 – 3 Strategic Tips for Success


By Les Buday, Managing Director “Streamlined. Flexible. Secure.” This is the tagline listed on the CMMC website managed by the Office of the Under Secretary of Defense (OUSD) Acquisition & Sustainment (A&S). On this website you can find all of the information regarding the newly redefined Cybersecurity Maturity Model Certification (CMMC) program. More commonly referred to as [...]

CMMC, Take 2.0 – 3 Strategic Tips for Success2022-01-29T03:21:11+00:00

Follow the CUI for CMMC Compliance


By Greg Kent “Follow the CUI.”  That is the standard practice that DoD contractors follow to determine exactly what system components and networks are within the scope boundary for Level 3 Cybersecurity Maturity Model Certification (CMMC) compliance.  Any system, network, or component that is used to store, process, transmit, or secure CUI should be included [...]

Follow the CUI for CMMC Compliance2022-01-12T20:27:39+00:00



By Josh Griswell One approach that contractors can take in approaching CMMC is including all of their infrastructure within the scope boundary for a CMMC certification. This means that all of the company’s components and devices would have to follow the processes and practices required by CMMC. The larger the company’s environment, the more complex [...]

VDI for CUI2022-02-04T18:53:42+00:00

New 800-171 Assessment Process in DFARS Rule Change


By Greg Kent The Department of Defense (DoD) recently released changes to DFARS rules for security assessments required for contractors. The CMMC Interim Rule (DFARS Case 2019-D041) requires defense contractors to self-report a score of compliance with 800-171 controls using a specified scoring methodology. Results of these assessments will be posted on the Supplier Performance [...]

New 800-171 Assessment Process in DFARS Rule Change2022-02-04T13:43:45+00:00

Sharpen Your Pencils for CMMC


By Greg Kent Fall will be here before you know it, so now is a good time for DoD contractors to review their business development and contract strategy for the coming year. With CMMC being required for bidding on new contracts towards the end of 2020, there are big changes on the horizon. Once the [...]

Sharpen Your Pencils for CMMC2022-02-04T13:39:59+00:00

CMMC Solutions for Defense Contractors


Compliance with the Cybersecurity Maturity Model Certification (CMMC) program requires DoD contractors to undergo cybersecurity audit and certification, beginning in 2020/2021. Based on NIST 800-171 controls, the CMMC will be a single standard for all DoD contracts. Previous regulations for DoD contractors handling controlled unclassified information (CUI) allowed for self-certification of compliance with appropriate NIST 800-171 [...]

CMMC Solutions for Defense Contractors2022-01-12T19:57:11+00:00

DoD Contractors Prepare for CMMC


By Greg Kent In response to rising levels of data theft from contractors in the Department of Defense (DoD) supply chain, the Pentagon has announced the development of a program: the Cybersecurity Maturity Model Certification (CMMC). The DoD is working with John Hopkins University Applied Physics Laboratory (APL) and Carnegie Mellon University Software Engineering Institute (SEI) [...]

DoD Contractors Prepare for CMMC2022-02-04T13:50:00+00:00
Go to Top