CMMC 2.0: What's In The New Version?

Last week, the U.S. Department of Defense came out with updates to the CMMC framework. The aim of the updates, labeled "CMMC 2.0", is to provide strategic direction following an internal program assessment by Department leaders. The revision still maintains the framework's goal of safeguarding sensitive information, while simplifying the standards it follows.

How Can a Gap Assessment Prepare You for CMMC Compliance?

It may be tempting to put off your journey towards CMMC compliance, given that the regulation is not due to be fully implemented until October 1, 2025, but this would be a mistake. Earning a CMMC certification is no trivial task, especially if you are aiming for higher compliance levels. Starting now will give you plenty of time to get your information security strategy and systems up to scratch.

How Does the CMMC Accreditation Body Qualify Assessors?

Although there have been several delays since the Cybersecurity Maturity Model Certification was first announced, 101 experienced professionals have now been chosen to become future CMMC auditors. Most have now completed their training, thus providing valuable insights that will influence the training of registered provider organizations (RPOs).

Mistakes to Avoid When Looking for a CMMC Auditor

The Cybersecurity Maturity Model Certification (CMMC) is a unified framework that is intended to regulate and enforce information security standards across the entire defense supply chain. Unlike with the previous DFARS clause, which is based on the NIST 800-171 framework, self-assessments are no longer enough. Instead, you must engage with a CMMC auditor who has been approved by the CMMC ...

What Exactly is Considered CUI?

Signing contracts with the US Department of Defense, either as a contractor or subcontractor, can be highly lucrative. After all, the DoD is an enormous market consisting of around 200,000 organizations that make up the Defense Industrial Base (DIB).

DFARS 252.204-7012: What are the best ways to protect media and CUI?

The DFARS 252.204-7012 clause sets high standards governing the protection, sanitization, and secure destruction of controlled unclassified information (CUI). Compliance is mandatory for any organization that makes up part of the 200,000-strong Defense Industrial Base (DIB), which is the supply chain of the US DoD. Audits may be carried out at any time, so it is crucial that any organization ...