How to Find Your NIST 800-171 & CMMC Requirements: A Comprehensive Guide to Determine Your Compliance Requirements from Your Primes and Clients.
One of the most frequently asked questions I receive is: “How do I know if I need to be compliant with either the NIST 800-171 or CMMC frameworks?” The bottom line is that if you possess controlled unclassified information (CUI) then your organization – with the exception of commercial off the shelf (COTS) companies – will likely have to fulfill these compliance requirements. Unfortunately, it’s not always clear to many…Continued
What You’re Likely Missing about CMMC Compliance: Lessons from an MSP’s CMMC Readiness Review Assessment
We had a great webinar with our partners at NQA pertaining to our experience undergoing a CMMC 3 Readiness Review Assessment. We’ve conveniently recorded it HERE in case you missed it, so you can learn about some of the most overlooked aspects of a CMMC implementation including an overview of what it takes to become certification-ready. We hope our webinar helped address some of our audiences’ lingering questions about the assessment process…Continued
Today’s Business Need for a vCISO There’s little doubt that the influx of new government regulations around privacy and data security requirements have become the primary area of focus for many DIB (Defense Industrial Base) and GSA contractors. These companies are now required to become compliant with a relatively new DoD mandate known as the Cybersecurity Maturity Model Certification (CMMC) which requires these contractors meet and sustain an on-going cybersecurity…Continued
With enforcement set to begin for the CMMC, we’ve received a lot of questions from clients about the role that government licensing (GCC & GCC High) for CSPs (Office 365 Commercial, Azure, AWS etc.) will have in relation to addressing their respective CMMC 3-5 requirements. It’s long been known that this type of government licensing is extremely costly from both a price and implementation standpoint, and as a result, is…Continued
Critical Update for GSA Stars III Contractors; New IT Compliance Requirement Mandates Organizations that are listed under the GSA are companies that work with the government, outside of the DoD. It was recently announced (GSA STARS III CMMC Release) that- effectively immediately- GSA companies may have to begin adhering to the CMMC if required within their contracts. Although the majority of them falling under the CMMC 1 requirements, the CMMC…Continued