Some DoD contractors are making significant investments to enhance their cybersecurity. This article discusses an approach those contractors can use to help increase the ROI for that work and win more contracts.
NIST released a discussion draft of SP 800-171 Rev 3 late last week. This article describes the impact that discussion draft will likely have on DoD’s CMMC program and provides some insights for contractors who are proactively preparing for Rev 3’s (eventual) release.
DoD published a notice that DFARS 252.204-7024 will soon be published. This new clause requires contracting officers to consider supply chain risk and SPRS-reported risk information, as part of the award decisions. Click through for additional information!
2022 saw a lot of changes to the CMMC program, and even to the government’s approach to supply chain cybersecurity. In this post, we summarize some of the key DoD-related changes in an effort to help contractors understand what they will likely encounter in 2023.
Government representatives have stated that complying with CMMC 2.0 Level 2 shouldn’t cost contractors or the government anything, because contractors have been attesting to the government that they are doing these things for years. This article explores why this is correct only for a small minority (17 out of 110) of the controls in CMMC 2.0 Level 2.
Imagine the following scenario: As part of Project Road Runner, a new initiative, the United States Army, a portion of the Department of Defense (“DoD”) wants to purchase three dozen anvils. The anvils must meet specific size, strength, and weight requirements. DoD has already performed a search and is not able to find a COTS (more…)
The DoD CIO’s office held a town hall on 2022-FEB-10. They discussed a variety of topics including CMMC 2.0. Several take-aways came out of the session that are critical for DoD contractors, especially those handling CUI.
NIST SP 800-171 can be overwhelming for contractors. In this article, we present a prioritized approach to implementing the 110 controls of 800-171.
Successful implementations are not measured by scores. The most valuable elements to a successful implementation do not have a weighted value.
With CMMC 2.0, DoD removed process maturity as an assessed requirement. Some commentators are suggesting that NIST 800-171’s “NFO” controls inherently require policies. We explore the requirement in this article.