As of December 16, 2024 CMMC Title 32 – the program part – is live. That means you can request to get assessed and you can enter your CMMC Level 1 attestation in SPRS. You will likely be able to add your Level 2 attestation in later, but that is not there yet. Initially, your…
In 2021 the DoJ announced the Civil Cyber Fraud Initiative to go after companies that lie about their cybersecurity practices. Under the False Claims Act, the government can recover damages and more. The “damage” could be as simple as we would not have given you the contract if we knew that you were not complying…
This is the piece that we have been waiting for and it is both short and covers a lot of details. The Title 48 part of CMMC contains the contracting mechanics and it is what you need to understand if you expect to be awarded a contract. If you have questions and you likely will,…
The executive branch has released another pillar in its cybersecurity strategy. This administration has done more that past administrations on cybersecurity including the National Defense Strategy, the National Cybersecurity Strategy, the DoD Cyber Strategy and the National Defense Industrial Strategy. The newest piece of this is the Defense Industrial Base Cybersecurity Strategy 2024. This is…
I recently provided a CMMC update to the Denver chapter of NCMS. That presentation was live and in person and generated a lot of questions and comments. I recreated that presentation here. If you have questions, please contact us.
Lots of news this month. In case you thought the DoD was just kidding, this month’s news should disabuse you of that idea. If you have questions/need help, please contact us.
Up until now, CMMC has been a US federal government standard for companies doing business in the public sector. Canada has now joined the group and you should expect more countries to be added to the list. Learn more below.
Last week the governor of Montana signed a bill that will ban TikTok in the state as of January 1 of next year. But life is not simple. Learn why it is not simple here.
Over the last couple of years we have talked a lot about what is required for CMMC Level 2 certification, but a lot more companies will need to be CMMC Level 1 certified. What is required for this?
The shared responsibility model is the way that cloud service providers reduce their risk if something bad happens. For the most part, unless you have an unusual contract with your cloud service provider, if something bad happens, it is your problem. If you have not planned for this, you could be in deep yogurt. Learn…
