Cybersecurity is an ever-growing and changing field, and there are differences of opinion about how best to protect an organization. Some argue that technology is the only way to protect the organization. Others say organizations must focus on compliance, rather than technology. Both are wrong…and right. The best way to achieve a strong, effective cybersecurity program is to ensure you have the technologies in place to protect your critical assets and the policies, procedures, plans, and governance in place to ensure the technologies are used correctly.
Don’t throw out your computer equipment or software just yet. A little diligence can save you time, effort, and expense while preparing for a CMMC assessment.
In 2019, the National Archives and Records Administration (NARA) issued guidance on destroying paper copies of CUI (CUI Notice 2019-02: Destroying Controlled Unclassified Information (CUI) in paper form), but many DoD contractors aren’t familiar with NARA or the guidance. This article summarizes NARA’s guidance and provides practical approaches that help DoD contractors manage the destruction of paper-based CUI.
Employees are increasingly using smart devices, such as smart watches, to improve their productivity. But accessing CUI from those devices can create unintended issues. This article discusses how smart devices can impact your obligations under CMMC and other government contracting requirements.
The Executive Order issued May 12, 2021 on Improving the Nation’s Cybersecurity casts some clouds over the CMMC program. This article provides short-term guidance for defense contractors.