DFARS regulations for cybersecurity Archives

Why so few Defense contractors are compliant

Posted on September 21, 2023September 21, 2023 by Amira Armond

𝐇𝐨𝐰 𝐥𝐨𝐧𝐠 𝐝𝐨𝐞𝐬 𝐢𝐭 𝐭𝐚𝐤𝐞 𝐚 𝐜𝐨𝐦𝐩𝐚𝐧𝐲 𝐭𝐨 𝐠𝐨 𝐛𝐚𝐧𝐤𝐫𝐮𝐩𝐭 𝐢𝐭 𝐰𝐡𝐞𝐧 𝐜𝐚𝐧’𝐭 𝐰𝐢𝐧 𝐰𝐨𝐫𝐤? One year? Two? Three? Let me tell you a story about how a system of perverse incentives caused our current cybersecurity situation in the Defense Read More

CMMC, CUI, and Cloud Vendors – do you need FedRAMP?

Posted on November 18, 2022November 18, 2022 by Amira Armond

Achieving Cloud Compliance in the Age of CMMC, CUI, and DFARS 7012: How secure are your cloud vendors?

DFARS 252.204-7012 – Part 1, CDI and Covered Info Systems

Posted on March 5, 2021May 7, 2021 by Amira Armond

A guided review of DFARS 252.204-7012 covering the topics: What is a covered contractor information system? What is Covered Defense Information?

System Security Plan for 800-171 and CMMC

Posted on February 25, 2021March 6, 2023 by Amira Armond

How to video and training on what a System Security Plan is, what it is used for, and what a high quality one looks like!

How to submit a NIST SP 800-171 self assessment to SPRS

Posted on February 12, 2021July 7, 2021 by Amira Armond

Answers to common questions about how to submit your NIST SP 800-171 self assessment to SPRS. Register an account, how to handle multiple…

CMMC Level 1 certification and preparation (how-to)

Posted on January 5, 2021February 14, 2021 by Amira Armond

If you are reading this article, you are probably the owner of a small DoD contracting company. You’ve heard something about the CMMC (Cybersecurity Maturity Model Certification) either through your prime contractor or the SBA education office. You might be Read More

Conversations from LinkedIn

Posted on December 31, 2020February 15, 2021 by Amira Armond

This page is an index of LinkedIn discussions and posts about CMMC and 800-171. It will be updated over time with new topics.

CMMC-AB Regan Edens interview on DFARS, FedRAMP, and AB authority

Posted on December 30, 2020March 8, 2021 by Amira Armond

This interview with Regan Edens (CMMC-AB Chairman of the Standards Management Committee) clarifies clouds and CMMC, FedRAMP, and DFARS questions for Organizations Seeking Certification (OSCs)

Where is the Easy Button for CMMC? Why MSPs may be the solution.

Posted on November 14, 2020June 4, 2022 by Amira Armond

CMMC and DFARS compliance is too expensive for small businesses. This article describes “easy button” solutions such as a CMMC MSP, using …

DFARS 252.204-7012 or 252.204-7021 enforces NIST 800-171 and CMMC

Posted on October 1, 2020October 27, 2020 by Amira Armond

If you are a Defense Contractor that handles Controlled Unclassified Information (CUI), this news is going to be very important for you. DFARS 252.204-7012 Interim Rule Yesterday, the DoD released an interim rule to the Defense Federal Acquisition Rules Supplement Read More

CMMC Glossary, Terms, and Definitions. Who’s who in CMMC

Posted on August 13, 2020December 12, 2022 by Amira Armond

As the CMMC ecosystem grows, it is starting to get hard to track all the key players and concepts. This page is meant as an easy to understand “who’s who” and “what’s what” for the CMMC. This CMMC glossary of Read More

Remote Management & Access Tools for 800-171 and CMMC

Posted on December 20, 2019May 25, 2020 by Amira Armond

A question came up today from a client that has a large remote workforce. “How can my help desk manage end user devices while staying compliant with 800-171 and CMMC?” For example, can we use remote access tools like LogMeIn Read More

DFARS 252.204-7012 controls discussion for CMMC

Posted on October 1, 2019February 25, 2021 by Amira Armond

Why is there a page for DFARS 252.204-7012 on a CMMC website? DFARS 252.204-7012 is a contract requirement for defense contractors that handle or might handle Controlled Unclassified Information (CUI). Unlike the CMMC, DFARS 7012 is currently required and should Read More