Scoping your CUI Boundary

Identifying and safeguarding Controlled Unclassified Information (CUI) is critical to ensuring data protection and compliance with regulatory requirements. 

 

Podcast on What makes a good self-assessment?

Mission Compliant held a podcast on April 30th discussing what makes a good self-assessment.


CMMC Town Hall

The Cyber AB Town Hall on April 30 dealt with CMMC legal updates and new CMMC terminology, followed by an extended question and answer period.

Podcast – When will CMMC requirements show up in DOD Solicitations

On March 29, Mission Compliant held a podcast on when CMMC will start showing up in DOD solicitations.

CMMC Town Hall

The Cyber AB Town Hall on March 26 mostly dealt with the timeline for the proposed rules and public comments.

ASCERTIS Assessment New Release  

ASCERTIS is pleased to announce the latest release of the ASCERTIS Assessment Engine.

Difference between FedRAMP Moderate Certified and FedRAMP Moderate Equivalency

“FedRAMP Moderate Certified” indicates formal certification through the FedRAMP program, while “FedRAMP Moderate Equivalency” suggests that a cloud service provider’s security measures are considered equivalent to the FedRAMP Moderate standards…

Unnecessary Legitimate Services

This business is effectively charging about $2400 per hour for their services…

Caller ID Spoofing

Caller ID spoofing is a technology that allows the originator to alter the information forwarded to your caller ID in order to hide the true number…

Why You Need A Junk Email Account

Everyone already has multiple e-mail or messaging accounts: personal, business, LinkedIn, Facebook, Twitter… The list goes on.  Why would I need to create a junk e-mail account…?

Phishing Attacks: Part 2

Phishing attacks use e-mail to trick users into downloading malware onto their systems for the purpose of stealing information or placing the user in a compromising position that the attacker can exploit…

Phishing Attacks: Part 1

Phishing attacks use e-mail to trick users into downloading malware onto their systems for the purpose of stealing information or placing the user in a compromising position that the attacker can exploit…

$30 Solution to Ransomware Attacks

Ransomware is becoming the number 1 form of malware, affecting individuals and businesses alike.  In 2019, ransomware attacks are expected to climb to over 11 billion in payments and repair damages…

Vulnerability Optimization

Vulnerabilities in operating systems or applications are excellent attack vectors for cyber criminals.  These vulnerabilities are weaknesses in the code that facilitate numerous types of attacks that can cause systems to behave erratically or information to be lost or exposed…

Small Business Vulnerabilities

One of the reasons small businesses are so vulnerable to cyber attacks is that cyber security is not integral to their business plans or part of the company’s growth strategy.  Consequently, small businesses are considered “low-hanging fruit” for hackers and other cyber criminals…

Small Business Cyber Risk

Did you know that 47% of small businesses suffered a cyber attack last year? Did you know that the Federal government is so concerned about small business exploitation that it now requires its small business contractors to complete an independent cyber security assessment?

Verification Vs. Validation

With respect to security, businesses are often focused on doing the right things but fail to do the things right. Equifax is an example of an organization that strategically was doing the right things but tactically was not doing the things right…

Access Control Lists

Do you know who has access to your most sensitive data?  Access Control Lists (ACLs) are developed to place people into groups to access various types of information.  Some departments have clear-cut lines of authority, but what about Controlled Unclassified Information (CUI) produced for Federal contracts? Does everyone on the contract need to see this information?  Does everyone need to see this information in final form…?

Cyber Security Awareness Training

Cyber security awareness training provides the greatest assurance of reducing information system compromise.  People remain the biggest weakness of any information system.  Properly training people on cyber security decreases the risk of system compromise by 80%…

Avoid These NIST Compliance Problems

There are numerous solution providers and assessor companies that propose a single solution that solves the requirements of NIST SP 800-171, but this simply is not the case.

Some applications may solve a family of controls or several controls in multiple families, but there is no single application that will satisfy all the requirements of the NIST controls…

Impacts of CMMC 2 on Contractors with both FCI and CUI.

Contractors with ONLY FCI

The proposed CMMC 2.0 rule will impact DoD contractors with only Federal Contract Information (FCI) by requiring them to adhere to specific cybersecurity measures as prescribed in cybersecurity level 1 of the CMMC maturity model. Level 1 requires the implementation of 17 controls from NIST 800-171 Rev 2, which would constitute “basic” cyber security.

Contractors will need to achieve the minimum CMMC level specified in the solicitation to be eligible for contract awards, and prime contractors will be required to flow down CMMC requirements to subcontractors that handle FCI.

Ready to be compliance certified?

Stop waiting to qualify for government contracts. Let us help.