Your Top 5 CMMC 2.0 Questions Answered

The Department of Defense’s (DoD) announcement that it is revamping its Cybersecurity Maturity Model Certification (CMMC) program has left many contractors trying to understand how the update will affect their compliance needs and audit requirements. To offer clarity and guidance on the new framework, we put together a list of the top five questions companies have been asking about CMMC 2.0.

What Companies Should Know About the DoD’s CMMC Update

On November 4, 2021, the Department of Defense (DoD) announced several changes to the Cybersecurity Maturity Model Certification (CMMC) program, now referred to as CMMC 1.0. CMMC 2.0, the updated version of the framework, is a culmination of the DoD’s months-long internal review of CMMC 1.0’s implementation and significant changes to the program’s strategic direction.

Cybersecurity Maturity Model Certification (CMMC) 2.0: 3 Big Changes

Major changes are underway for the Cybersecurity Maturity Model Certification (CMMC) program. Previewed in an Advance Notice of Proposed Rulemaking on November 4, 2021, the revamped program is called “CMMC 2.0”. This new certification model promises to streamline compliance for defense contractors and their suppliers, specifically by cutting the red tape, clarifying cybersecurity regulatory and ...

The Strategy Behind the DoD’s CMMC Update

After months of internal study, the Department of Defense (DoD) has revealed its intention to update the Cybersecurity Maturity Model Certification (CMMC) program. The following are the eight different strategic lines of thinking behind the DoD’s efforts to modify and expand the program.

How Can an MSP Help with NIST Compliance?

With cyberattacks costing businesses and governments billions of dollars every year, it’s never been more important to adopt a proactive approach to information security.

Why You Need a NIST Cybersecurity Framework Maturity Assessment

One of the biggest challenges in building a sufficiently robust information security program is that there are so many guidelines and frameworks to choose from. Moreover, every business has a unique set of needs and a different technology infrastructure, which also means there’s no one-size-fits-all approach.

NIST Cybersecurity Framework Case Study: Learn 5 Best Practices

The NIST Cybersecurity Framework provides a systematic methodology for managing risk in your organization across the entire incident lifecycle. Although the framework is not intended to replace an organization’s risk-management practices, it can help standardize your strategy by managing risk company-wide.

How to Implement NIST Cybersecurity Framework

Organizations can no longer afford to view cybersecurity as a necessary evil and a mere cost center. Instead, they should view it as an integral component of their value propositions now that customers are increasingly wary about who they do business with. In other words, good security is good for business, not just because it helps mitigate risk, but because it opens the door to lucrative new ...

Assessing Your NIST Framework Tier Level

There are three primary components of the globally adopted NIST Cybersecurity Framework: the framework core, the profiles, and implementation tiers. While the framework details the specific control categories you need to protect your data, the profiles enable you to create a strategy for reducing risk. Implementation tiers, on the other hand, establish a baseline for cybersecurity that you can ...

The NIST Framework Tiers Explained

The NIST Cybersecurity Framework is a leading global standard in cybersecurity, as well as the basis of many legal regulations and other standards. There are three main elements to the framework – the framework core, profiles, and implementation tiers. These tiers are intended to provide context for stakeholders to help determine the degree to which their organizations exhibit the characteristics ...