CMMC Level 1 certification and preparation (how-to)

If you are reading this article, you are probably the owner of a small DoD contracting company. You’ve heard something about the CMMC (Cybersecurity Maturity Model Certification) either through your prime contractor or the SBA education office. You might be frustrated at yet another computer requirement, or you might be excited at the opportunity to distinguish your company from your competitors.

How to prepare for CMMC Level 1 certification

First, the standard disclaimer. As I write this article in 2020:

Remote Management & Access Tools for 800-171 and CMMC

A question came up today from a client that has a large remote workforce. “How can my help desk manage end user devices while staying compliant with 800-171 and CMMC?” For example, can we use remote access tools like LogMeIn or Chrome Remote Desktop, which allow always-on connections to the desktop? The following is my opinion. Take it at your own risk.

The problem with always-on remote access programs

Assuming that your end user devices contain or access sensitive information,

DFARS 252.204-7012 controls discussion for CMMC

Why is there a page for DFARS 252.204-7012 on a CMMC website?

DFARS 7012 is a contract requirement for defense contractors that handle Controlled Unclassified Information (CUI). It requires implementing cyber-security per NIST Special Publication 800-171 and mandatory reporting to the DoD if the contractor has a cyber incident. Unlike the CMMC, DFARS 7012 is currently required and should be a priority for DoD contractors that deal with CUI. You can tell if your contract requires compliance by looking for