First, what is a PoAM? A PoAM is, basically, a plan to fix any issues that were found during an assessment. Under CMMC, currently, a company can miss some controls and still get a provisional check mark. But, the rules as to what can be in a PoAM – that is pretty restricted. As is…
As CMMC gets closer to the finish line, the timeline for when you will have to be compliant is coming into sharper view. While you might think that you still have a lot of time to get ready, that timeline might be shorter than you think. Watch or listen to this article to see why.
As if CMMC wasn’t hard enough, there are different types of CMMC certifications. Some you can do yourself, others you can’t. But of course it isn’t so easy. YOU don’t get to choose what you have to do. In many cases, your prime doesn’t get to choose either. Complicated enough? Learn more below.
There is significant news this month for those of you who will have to comply with CMMC. 60 days from now you may be able to, for the first time, get officially CMMC certified and there are about a hundred companies that have passed the test and are waiting for that day.
In 2021 the DoJ announced the Civil Cyber Fraud Initiative to go after companies that lie about their cybersecurity practices. Under the False Claims Act, the government can recover damages and more. The “damage” could be as simple as we would not have given you the contract if we knew that you were not complying…
This is the piece that we have been waiting for and it is both short and covers a lot of details. The Title 48 part of CMMC contains the contracting mechanics and it is what you need to understand if you expect to be awarded a contract. If you have questions and you likely will,…
There is news this month on both fronts – there is progress being made in the CMMC arena and NIST has released 800-171 Rev 3. What do these mean for you? Listen here.
The executive branch has released another pillar in its cybersecurity strategy. This administration has done more that past administrations on cybersecurity including the National Defense Strategy, the National Cybersecurity Strategy, the DoD Cyber Strategy and the National Defense Industrial Strategy. The newest piece of this is the Defense Industrial Base Cybersecurity Strategy 2024. This is…
I recently provided a CMMC update to the Denver chapter of NCMS. That presentation was live and in person and generated a lot of questions and comments. I recreated that presentation here. If you have questions, please contact us.
Lots of news this month. In case you thought the DoD was just kidding, this month’s news should disabuse you of that idea. If you have questions/need help, please contact us.
