DoD submitted but quickly withdrew an “advanced notice of proposed rulemaking” entitled “Cybersecurity Maturity Model Certification 2.0 Updates and Way Forward”.
Cybersecurity is an ever-growing and changing field, and there are differences of opinion about how best to protect an organization. Some argue that technology is the only way to protect the organization. Others say organizations must focus on compliance, rather than technology. Both are wrong…and right. The best way to achieve a strong, effective cybersecurity program is to ensure you have the technologies in place to protect your critical assets and the policies, procedures, plans, and governance in place to ensure the technologies are used correctly.
Don’t throw out your computer equipment or software just yet. A little diligence can save you time, effort, and expense while preparing for a CMMC assessment.
In 2019, the National Archives and Records Administration (NARA) issued guidance on destroying paper copies of CUI (CUI Notice 2019-02: Destroying Controlled Unclassified Information (CUI) in paper form), but many DoD contractors aren’t familiar with NARA or the guidance. This article summarizes NARA’s guidance and provides practical approaches that help DoD contractors manage the destruction of paper-based CUI.
Employees are increasingly using smart devices, such as smart watches, to improve their productivity. But accessing CUI from those devices can create unintended issues. This article discusses how smart devices can impact your obligations under CMMC and other government contracting requirements.