Guidance for CSPs & DoD Contractors Using Cloud Services to Handle CUI

2022-09-12T16:29:54+00:00

By Greg Kent, Senior Vice President, CTO

A previous blog discussed the latest guidance from DoD and the Cyber AB in the draft CMMC Assessment Process (CAP) document. Specifically, CSPs need to address both criteria defined in the CMMC CAP: (1) documenting an SSP that attests to the compliance status, describes how the requirement [...]


Understanding DoD FedRAMP Moderate Equivalency Requirements for CSPs

2022-08-26T13:43:43+00:00

By Greg Kent, Senior Vice President, CTO

DoD contractors using a cloud service provider (CSP) to store, process, or transmit covered defense information (CDI)/controlled unclassified information (CUI) must require and ensure that the CSP meets security requirements equivalent to those within the FedRAMP Moderate baseline. Since DFARS clause 252.204-7012 section (b)(2)(ii)(D) was finalized, many [...]


Multifactor Requirements for CMMC

2022-06-08T19:14:04+00:00

By Greg Kent, Senior Vice President, CTO

CMMC requirements for multifactor authentication (MFA) seem to stump many SMBs. CMMC control IA.L2-3.5.3 requires Federal contractors to "Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts." But what exactly does this mean? Understanding some NIST terminology is essential [...]


Clarifying Cloudy Responsibilities for CMMC Success

2022-05-12T19:00:16+00:00

By Connor Payne

With CMMC generally consisting of a “follow the data” exercise, DoD contractors often underestimate their reliance on third-party vendors to store, protect, process, or transmit CUI data. Many small and midsize businesses (SMBs) rely heavily on managed service providers (MSPs) and even more refined services such as managed security service providers (MSSPs), [...]


Shared Responsibilities: You’re Not (Totally) Off the Hook

2022-06-08T19:13:25+00:00

By Connor Payne

Inherited controls from a cloud service provider such as Amazon Web Services (AWS) or Microsoft Azure include physical and environmental controls that a customer fully inherits from the provider. In general terms, shared responsibility means that the cloud service provider is responsible for the security of the cloud while the customer is [...]


CMMC, Take 2.0 – 3 Strategic Tips for Success

2022-01-29T03:21:11+00:00

By Les Buday, Managing Director

“Streamlined. Flexible. Secure.” This is the tagline listed on the CMMC website managed by the Office of the Under Secretary of Defense (OUSD) Acquisition & Sustainment (A&S). On this website you can find all of the information regarding the newly redefined Cybersecurity Maturity Model Certification (CMMC) program. More commonly referred to as [...]


Follow the CUI for CMMC Compliance

2022-01-12T20:27:39+00:00

By Greg Kent

“Follow the CUI.” That is the standard practice that DoD contractors follow to determine exactly what system components and networks are within the scope boundary for Level 3 Cybersecurity Maturity Model Certification (CMMC) compliance. Any system, network, or component that is used to store, process, transmit, or secure CUI should be included [...]


VDI for CUI

2022-02-04T18:53:42+00:00

By Josh Griswell

One approach that contractors can take in approaching CMMC is including all of their infrastructure within the scope boundary for a CMMC certification. This means that all of the company’s components and devices would have to follow the processes and practices required by CMMC. The larger the company’s environment, the more complex [...]


New 800-171 Assessment Process in DFARS Rule Change

2022-02-04T13:43:45+00:00

By Greg Kent

The Department of Defense (DoD) recently released changes to DFARS rules for security assessments required for contractors. The CMMC Interim Rule (DFARS Case 2019-D041) requires defense contractors to self-report a score of compliance with 800-171 controls using a specified scoring methodology. Results of these assessments will be posted on the Supplier Performance [...]


Sharpen Your Pencils for CMMC

2022-02-04T13:39:59+00:00

By Greg Kent

Fall will be here before you know it, so now is a good time for DoD contractors to review their business development and contract strategy for the coming year. With CMMC being required for bidding on new contracts towards the end of 2020, there are big changes on the horizon. Once the [...]
