If you are a business leader for a manufacturer that is part of the U.S. Defense Industrial Base, you are likely awaiting word about the new CMMC 2.0 standards. You may be checking the internet every week to see if there is any news about when they will be released. You may be wondering what the new standards will require of your organization.
I see it all the time. A business gets hacked and comes to an IT provider for a solution. Unfortunately, once a breach occurs, the only solution is remediation. The best advice I can give any business is to put a cybersecurity plan in place before an incident happens.
As a business leader, you have a lot on your plate. Financials, quality, security, compliance, and more! It can be overwhelming.
If your company is a government contractor or subcontractor, you may be wondering what is going on with the Cybersecurity Maturity Model Certification (CMMC).
With more internet-connected devices in the hands of more people, and a larger chunk of the workforce doing their 9-to-5 from home, cybercriminals have targets and opportunities like never before. The state of Connecticut is responding to this tidal wave of cyberthreats with proposed legislation aimed at encouraging companies to increase their cybersecurity. In a nutshell, the proposed bill provides incentives for businesses to reach compliance with nationally recognized standards of cybersecurity. In case of a breach, a compliant company would be shielded from legal liability stemming from a cyber attack. The bill was unanimously approved in the state House on May 20 and now moves to the state Senate.
I’ve been having many conversations with manufacturers about their need to get aligned with an interim rule put out by the Department of Defense (DoD) recently. The basic deliverables of that rule are to submit the score a supplier achieves following a gap analysis based on the controls listed in the NIST Special Publication 800-171 document. Sounds simple, right? I can tell you from experience that the idea is not clearly defined within the rule.
Following the interim rule passed down in the document DFARS Case 2019-D041 on September 29, 2020, there’s a growing number of subcontractors in the Department of Defense (DoD) supply base selling into the “Primes” who are receiving urgent requests from their customers to comply with this new requirement. Regardless of how long DFARS 252.204-7012 has been a stated requirement for DoD contract awards, this new urgency is driving a lot of activity in the Defense Industrial Base (DIB). As such, you have likely heard from a range of vendors that have offered to help you reach that goal.
If you're a supplier, contractor or subcontractor with the federal government, you or your colleagues have no doubt heard of NIST 800-171. If you haven't, check out "Everything You Need to Know About NIST 800-171" for all of the details and how it may affect your business contracts.