If you are reading this article, you are probably the owner of a small DoD contracting company. You’ve heard something about the CMMC (Cybersecurity Maturity Model Certification) either through your prime contractor or the SBA education office. You might be frustrated at yet another computer requirement, or you might be excited at the opportunity to distinguish your company from your competitors.

How to prepare for CMMC Level 1 certification

First, the standard disclaimer. As I write this article in 2020:
A question came up today from a client that has a large remote workforce. “How can my help desk manage end user devices while staying compliant with 800-171 and CMMC?” For example, can we use remote access tools like LogMeIn or Chrome Remote Desktop, which allow always-on connections to the desktop? The following is my opinion. Take it at your own risk.

The problem with always-on remote access programs

Assuming that your end user devices contain or access sensitive information,
Download links for DFARS 252.204-7012 resources:

How a small business can implement Level 1 CMMC requirements (these are the same controls as DFARS 252.204-7012): https://www.cmmcaudit.org/cmmc-level-1-certification-and-preparation-how-to/

Official DFARS guidance: https://www.acq.osd.mil/dpap/dars/dfars/html/current/204_73.htm

NIST page about DFARS for manufacturers: https://www.nist.gov/mep/cybersecurity-resources-manufacturers/dfars-compliance

NIST self-assessment handbook for using SP 800-171 controls for DFARS requirements: http://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf

If you know of other official or helpful resources, please comment to help others! I’ll add the links to this page.