CMMC News Update for January 2024
Lots of news this month. In case you thought the DoD was just kidding, this month’s news should disabuse you of that idea. If you have questions/need help, please contact us.
NIST has released a draft version of the next update to the core standard behind CMMC. If you do work for the US, Canadian or Australian defense departments or are a vendor to one of these organizations or if you are a vendor to a large US corporation, this standard and these changes are important…
CMMC, or the Cybersecurity Maturity Model Certification, passed a huge milestone this week when the Pentagon handed off the proposed rule to the Office of Management and Budget. After they approve the package, it gets published in the Federal Register for comment and implementation. Learn more about the remaining steps below.
800-171 is the government’s chosen cybersecurity standard for protecting controlled unclassified information (CUI) and is required by a number of government departments and by private industry as a matter of contract for protecting sensitive unclassified information. Learn more about this new version of the standard here.
The ban now prohibits having any ByteDance software even installed on any device used in furtherance of a contract, even employee-owned devices. Learn more below.
Up until now, CMMC has been a US federal government standard for companies doing business in the public sector. Canada has now joined the group and you should expect more countries to be added to the list. Learn more below.
Many companies allow, encourage and/or require employees to use personally owned devices. While it seems that, at least in the short term, this is a money-saving and morale-boosting move, in the long term, it may be an existential threat to the company. In this post we are going to use one company who…
CMMC is an ever-changing target. Here is the newest information on it that we have.
For those of you who are covered by DoD’s cybersecurity regulations such as 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting, you probably know that it is a bit of a moving target. We expect a flurry of updates later this spring, but in the meantime, you should be working on compliance. Here…
Dark patterns are techniques that website operators typically use to make it more difficult to choose one option than another. For example, try to close your Amazon account or your Facebook account. It used to be that you had to call Amazon and they would try and talk you out of it. Now you…