Chris H.

Does being compliant with CMMC really matter right now? A small fraction of defense contractors have already done the hard work to prepare for these critical requirements to protect our national defense infrastructure. For the remaining ~200,000 contractors, it is a risk management decision. Can you afford to lose contracts with those clauses? Would your business stay afloat without that government customer? Could waiting hurt your business and bottom line? We have seen companies lose HUGE contracts that resulted in having to layoff people who have been there for 20 years. This stuff has a huge impact. Don’t think that you have to do it all at once! You just need to start with a solid plan and a budget. When you do this, you are ahead of the majority and will be on your way to a competitive advantage before you know it. The hardest part is getting started. Feeling stuck? Valor Cybersecurity is here to help you get ready. #cybersecurity #defense #compliance #dod

6

The most comprehensive guide to CMMC and CUI I have ever seen and a great read for any contractors doing business with DoD https://lnkd.in/gMP692jM

4

DISA Expands Thunderdome Zero Trust Program Deployment; Brian Hermann, Quoted. ExecutiveGov discusses the Defense Information Systems Agency's (DISA) expansion of the Thunderdome zero trust program. In 2023, the program was deployed to 15 sites and plans are underway to extend it to 60 more sites in 2024. The program involves four key components: 🔐 Customer security stacks 🔗 Software-defined wide area networking 📴 Secure access service edge capability, and 💯 Application security stacks. Brian Hermann, DISA's director of the cybersecurity and analytics directorate, emphasized the program's role in advancing zero trust architecture, which is crucial for organizational security. DISA has also finalized the contracting process to support the U.S. Coast Guard’s network security improvement efforts through Thunderdome. Versa Networks is at the forefront of enhancing cybersecurity with their pivotal role in DISA's Thunderdome project. Their cutting-edge solutions are setting new standards in securing our nation's digital infrastructure. For more details, you can read the full article here:-https://lnkd.in/gd4wAWM2 #DISA #Thunderdome #ZeroTrust #Cybersecurity #versanetworks #channelpartners

5

🤔 Well said Help Net Security “The tool excels in distributing software across various secure development settings, including edge and embedded systems, secure clouds, data centers, and local setups.” “Zarf simplifies deployments into a single compressed file containing everything your app needs. It can be installed without an internet connection. Its declarative approach ensures consistent application deployment every time. The tool can also incorporate legacy code into modern DevSecOps environments, facilitating deployment.” https://lnkd.in/eRwgmKwG

57

2 Comments

Good news for DoD contractors, you can inherit controls from an authorized cloud provider. CMMC compliance isn’t a one-and-done task. Staying compliant is easier for you now while you inherit the changed controls your provider is implementing WITHOUT you needing to update yourself.  Kahua CTO Colin Whitlatch explains more in this clip. Get the full scoop on CMMC here: https://lnkd.in/gYY7ww4K #CMMC #FedRAMP #DefenseIndustrialBase #Construction  

32

1 Comment

CISA called federal agencies to be complied for secure cloud services BOD 25-01: Implementing Secure Practices for Cloud Services Required Configurations Although BOD 25-01 only requires action by Federal Civilian Executive Branch agencies, CISA strongly recommends all stakeholders implement these policies and leverage CISA’s SCuBA assessment tool. Doing so will reduce significant risk and enhance collective resilience across the cybersecurity community. https://lnkd.in/di5bdfbM #SecureCloudService #CISA #MicrosoftSecurity #Trustnet #TSOC Asaf Toizer Moshe Dadush Guy Raba Aviv Mizrahi

9

3 things have been true since CMMC 2.0 was announced in November 2021 1) CMMC is happening 2) DoD will offer cybersecurity tools and services 3) There is a huge gap between CMMC requirements and DoD's solutions It started with the DoD CIO's Town Hall in February 2022 and has persisted in various panels, presentations, and testimonies since then. Now, years after CMMC became an inevitability, those offerings are formalized in Appendix III of DoD's recent DIB Cyber Strategy: - Network traffic monitoring x2 - Threat detection and blocking x2 - Vulnerability scanning x2 - Cybersecurity program evaluation - Network mapping - Phishing assessments - Asset discovery - Training through Project Spectrum and Blue Cyber Yet the gap between the offerings and the requirements verified by CMMC remains and I see no possible way that changes between now and roll-out of CMMC (which could start as early as the end of this year). The bottom line: hoping that DoD will suddenly change course to match tools and services to the requirements imposed on the DIB is not a strategy. Contractors and subs should plan accordingly.

57

8 Comments

Join us on Wednesday, May 29th at 8:30 AM to discover how CERT Ukraine and CISA work together to combat cyber threats! Limited tickets available - act fast! Link in bio for more details and to get tickets. #CERTUkraine #CISA #CyberDefense #Collaboration #CyberSecurity.

12

"(1) Affirming Official. The Affirming Official is the senior level representative from within each Organization Seeking Assessment (OSA) who is responsible for ensuring the OSA’s compliance with the CMMC Program requirements and has the authority to affirm the OSA’s continuing compliance with the specified security requirements for their respective organizations. (2) Affirmation content. Each CMMC affirmation shall include the following information: (i) Name, title, and contact information for the Affirming Official; and (ii) Affirmation statement attesting that the OSA has implemented and will maintain implementation of all applicable CMMC security requirements to their CMMC Status for all information systems within the relevant CMMC Assessment Scope." #cmmc #dod #cybersecurity

25

Tired of managing security testing across a scattered team? AttackIQ Mission Control centralizes control testing for faster remediation and improved ROI. 📅 Join Jose Barajas at 10 AM PT/12 PM CT/1 PM ET on July 18th to learn how AttackIQ Mission Control streamlines security operations for organizations. Discover how to seamlessly orchestrate testing across departments and locations, gain insights specific to your role with role-based dashboards, and simplify testing workflows for faster results. ➡ Register today and optimize your #SecurityOperations: https://bit.ly/3RZa5hw #LinkedInLive #Cybersecurity

13

Imagine losing a multi-million-dollar DoD contract because of overlooked compliance gaps. It's not just a theoretical risk—it's the reality many contractors will face in 2025. A single weak point in your supply chain or outdated cybersecurity measures can trigger an audit failure. Non-compliance doesn't just cost money; it costs trust and a lot of headache. The businesses that fail to act now will be scrambling to recover in a market that rewards preparedness. Can your business afford to be caught off guard?

2

Interested in Cybersecurity and hardening your infrastructure? Did you know that the Department of Homeland Security and specifically the Cybersecurity and Infrastructure Security Agency offer a ton of free online courses and programs. I'm adding a link specifically to the Assessment Evaluation and Standardization (AES) Program but there are a lot of resources available as well as free evaluations for organizations to harden themselves against threats. #Cybersecurity #InfrastructureSecurity #CISAServices #DHS #FreeTraining #OnlineCourses #CyberThreats #SecurityEvaluation #BusinessProtection #ITSecurity #CyberAwareness #TechTraining #CyberSafety #DataProtection #CyberDefense #ITInfrastructure #SoftStackers https://lnkd.in/g6_aKANZ

8

🚨 DFARS 252.204-7021 (the CMMC clause) is currently at the Office of Management and Budget (OMB) 🚨 The abstract states, "DoD is amending an interim rule to implement the CMMC framework 2.0 in order to protect against the theft of intellectual property and sensitive information from the Defense Industrial Base (DIB) sector. The CMMC framework, as defined in Title 32 of the Code of Federal Regulations (CFR), assesses compliance with applicable information security requirements. This rule provides the Department with assurances that a DIB contractor can adequately protect sensitive unclassified information at a level commensurate with the risk, accounting for information flow down to its subcontractors in a multi-tier supply chain." Once approved, the rule will be sent to the Federal Register for publication 👀 You can see the rule here: https://lnkd.in/eyP5dqre Shoutout to Eric Crusius for breaking this news! #cmmc #dod #cybersecurity

35

How am I helping agencies tackle cybersecurity and compliance for $1,500 or LESS a year? If you've ever had to put it off because of budget or time, i hope this can help you... I've been helping agencies with this a long time now and I've seen a lot of people hire expensive consultants when a lot of the resources they need are actually free (I'll share some with you in a moment). It's usually just that they need help with questions or figuring out how to manage a big project, but there are more affordable ways to get the right help so you can save your money to implement the right technology instead. Through our Secure My Agency program, we provide support so you have a place to turn with questions and have a ton of resources to help you stay on track. Our weekly workshops that start tomorrow, July 9th at 12MT, will guide you through the steps you need to take to meet and demonstrate compliance with most insurance data security requirements. The first phase of this series is focused on getting you compliant by the end of 2024, with additional phases that continue into 2025 that will continue to help you address your cyber risks and compliance. During each session, we'll tackle parts of the CIS framework and the core components that are needed to meet your requirements. You'll get templates that we customize together in the live workshop, resources to help you implement the best practices, and ways to track your projects. This not only gives you the help you need and someone to turn to, but helps you stay on track. What keeps it cheap is our ability to support these efforts at scale, combined with the option to join us month-to-month ($149/month right now) or get a full year access for a discount ($1,499/year). You also get access to resources from the Sell More Cyber program to help your sales team while you're an active member. I'll put a link in the comments but check out the program to unlock the content and upcoming workshops, and to get help from the team here at RLS Consulting! For those that want to go completely on their own, I recommend grabbing the CIS 18 Security Controls and their related resources (all are available for free from CIS - linked in comments as well). But if you decide you need help, we'll be here! --------------------------------------------------- Follow me for more cyber-related content dedicated to: - helping insurance agencies protect themselves from cyber risks - helping your agency sell more cyber liability

27

1 Comment

DoD Contractors: FCI vs CUI We discuss CMMC Compliance requirements, implementing NIST 800-171 110 controls to meet CMMC Level 1 and prepare for CMMC Level 2 assessment.

2

1 Comment

💡 Have you considered becoming a CMMC Certified Professional (CCP)? 👉 The requirements can be difficult to navigate, and don't always provide future CCPs with a clear picture of exactly what is required to become certified 👉 Hopefully this can help someone interested in pursuing the CCP better understand the costs associated with this pursuit ❓ If you have questions about whether becoming a CCP is the right path for you, or if it would provide value to you or your organization, please reach out #CMMC #CCP #cui #dod

16

5 Comments

🚀 Exciting News for Defense Contractors! 🚀 The Department of Defense (DoD) has introduced the Cybersecurity Maturity Model Certification (CMMC) to bolster the safeguarding of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). This initiative is a transformative step for the Defense Industrial Base (DIB), requiring all contractors and subcontractors to adhere to rigorous cybersecurity standards prior to being awarded contracts. 🔍 Why is CMMC Important? 💪 Strengthened Security: By implementing CMMC, organizations can better defend against cyber threats and protect Controlled Unclassified Information (CUI). ✈ Competitive Advantage: Certification can enhance an organization’s credibility and open new business opportunities within the defense sector. 🤝 Collaboration & Compliance: CMMC encourages a culture of security across the supply chain, fostering collaboration between defense contractors and the DoD. If you have question connect with me #cmmc #NIST800-171 #icttariq

33

Jacob presents a simple set of guidance for implementing CMMC and the foundational security controls in SP 800-172r2 to those either currently engaged or interested in DoD contracting opportunities. The message is pretty simple: 1. compliance with the security controls in NIST 800-171r2 has been a contractual requirement for anybody who has held a contract or is holding a contract with DoD that contains the DFARS 252.204.7012 since December 31, 2017. 2. Self attestation of compliance by the DoD contractors through the SPRS system has failed, and DoD created the CMMC program to require assessments by trained, 3rd party assessors (C3PAOs and their certified assessors) to certify compliance as appropriate with NIST 800-171r2 controls. 3. The CMMC program regulations (Title 32 of the CFR) will become effective December 16, 2024. DoD contractors will be required to either self assess their compliance for safeguarding Federal Contract Information or Controlled Unclassified Information through the SPRS system or obtain a certification from a C3PAO and its team that it meets the CMMC program at Level 2. 4. The comment period on Title 48 which will make compliance for Level 2 a contract requirement will be required for contract award 60 days after its effective date in accordance with a four year phase-in period. Current forecasts begins with Phase 1 for new contracts in June 2025 and ends with Phase 4 after four years when most DoD contracts will require CMMC Level 2 certification by a C3PAO and its assessment team. 5. Jacob provides several useful resources and references throughout his blog. I encourage you to heed Jacob's Counsel on this matter, and determine where your organization falls in this discussion. I attended an earlier version of his CMMC online training and found it an excellent course and well worth the modest fee he charges.

1

1 Comment