The Charles IT Blog

C3PAO: 5 Key Things to Know About Third-Party CMMC Auditors

C3PAO: 5 Key Things to Know About Third-Party CMMC Auditors

The Cybersecurity Maturity Model Certification (CMMC) was introduced to establish consistent cybersecurity standards throughout the Defense Industrial Base (DIB). Every organization in the DIB must achieve a minimum level of security maturity before they can win contracts. The framework specifies five levels, with the highest typically opening the door to the most lucrative contracts. You can ...

CMMC Compliance: 4 Ways A Managed IT Service Provider Can Help

CMMC Compliance: 4 Ways A Managed IT Service Provider Can Help

With 171 unique security controls required to meet the highest level of CMMC compliance, it can be a monumental task to prepare your business for the latest standards mandated by the US Department of Defense.

The Basics of Designing A System Security Plan

The Basics of Designing A System Security Plan

The DFARS 252.204-7012 clause requires that all contractors and subcontractors of the US Department of Defense maintain an up-to-date system security plan (SSP). You will likely be asked to provide this plan before you can sign any contract with the DoD as evidence showing that your organization has achieved an adequate level of security. Your SSP should align with the requirements of the NIST ...

What Are the Consequences of Noncompliance?

What Are the Consequences of Noncompliance?

Navigating DFARS 252.204.7012 compliance requirements can be challenging. It requires tightening DFARS-specific security controls, an area in which the expertise of compliance experts who can help fill the gaps in your IT system will prove invaluable. More importantly, they can help ensure you abide by your contract with the Department of Defense (DoD) to protect covered defense information (CDI) ...

What Exactly is Considered CUI?

What Exactly is Considered CUI?

Signing off contracts with the US Department of Defense, either in the capacity of a contractor or subcontractor, can be highly lucrative. After all, the DoD is an enormous market consisting of around 200,000 organizations that make up the Defense Industrial Base (DIB).

When Do You Need to Meet the Requirements of NIST 800-171?

When Do You Need to Meet the Requirements of NIST 800-171?

Every business that works with the US Department of Defense needs to be compliant with the Defense Federal Acquisition Regulation Supplement (DFARS). This includes both contractors who work directly with the DoD and any subcontractors that in turn work with them.

How Can A Small Business Approach Compliance?

How Can A Small Business Approach Compliance?

Protecting controlled unclassified information (CUI) has been a top priority for the Department of Defense and its 200,000-strong supply chain in recent years. Facing increasing threats from state-sponsored attackers and cybercriminals, defense contractors and their subcontractors are now under increasing pressure to step up their cybersecurity.

Understanding Subcontractor Responsibilities

Understanding Subcontractor Responsibilities

The Defense Industrial Base (DIB) is one of the largest supply chains in the world, employing over a million people in 200,000 organizations. Protecting that supply chain from threats such as state-sponsored attackers and cybercriminals is no easy task, which is why there are strict rules in place governing the collection and usage of data pertaining to the DoD.

What Does the Term ‘Adequate Security’ Really Mean?

What Does the Term ‘Adequate Security’ Really Mean?

The DFARS 252.204-7012 documentation requires defense contractors and subcontractors to implement adequate security measures to protect controlled unclassified information (CUI). This is, of course, an extremely vague term that, by itself, is rather unhelpful.

What You Need to Know About Cyber Incident Reporting

What You Need to Know About Cyber Incident Reporting

Defense contractors operate in one of the most heavily regulated industry sectors of all. They face a wide range of threats from various sources, such as insider threat, social engineering, and state-sponsored attacks. Taking every possible step to achieve the standards demanded by the DFARS 252.204-7012 framework is essential to mitigate those risks and validate your efforts to remain compliant.