When the Department of Defense initially announced version 2.0 of its Cybersecurity Maturity Model Certification (CMMC), it was meant to be good news for small and mid-sized businesses and contractors that work with the United States Military. CMMC 1.0 put a heavy burden on these smaller organizations to create systems and manage controls that they simply didn’t have the in-house resources to create and manage. But planning for the CMMC 2.0 model brings to light just how challenging compliance remains for small- and mid-sized organizations. While CMMC version 2.0 has been framed as less of a burden for smaller businesses and contractors, there’s still a lot of work to be done to reach full compliance.
The U.S. Department of Defense (DoD) manages an annual budget that stretches into the hundreds of billions. Much of that money is spent with the 100,000-plus third-party contractors that participate in the nation’s defense industrial base (DIB). The DoD and these contractors must share files and information, and they must do so in a secure manner — for obvious reasons. Today, the DoD offers DoD SAFE as a portal where DIB contractors and members of the U.S. military can share PII-, PHI-, and CUI-related files securely. But is DoD SAFE the best option for your organization? There are DoD SAFE alternatives that are easier to use while providing a level of security that meets DoD expectations for files that fall into these categories. If you’re one of the many defense-related contractors searching for DoD SAFE alternatives, continue reading to learn more about the history of DoD SAFE and your other options for securely sharing files with the U.S. Military.
Are you trying to select a new file sharing solution, but you have a few questions first? Explore these common questions about file sharing solutions and find out their answers.
By now, all contractors that work with the U.S. Department of Defense should be fully aware of the Cybersecurity Maturity Model Certification (CMMC) 2.0 announcement from November 2021. The CMMC 2.0 announcement included updates to CMMC 1.0 that were designed to enhance cybersecurity protections for all entities in the defense industrial base, or DIB, and also streamline protections for contractors already utilizing the NIST 800-171 framework. While last November’s announcement did provide a glimpse at what the DoD’s requirements might be in the future, Congress has yet to codify those requirements into a law to be followed. Unfortunately, that leaves contractors and others in the DIB in a limbo period where they know that new CMMC requirements are coming — but they don’t know exactly what those requirements will be. We’ve written previously about the proposed CMMC 2.0 framework and what it might require of contractors. Now we’ll address what contractors and others in the DIB can be doing right now during this limbo period to set their organizations up for future success under CMMC 2.0 once codified by law. While there’s a lot of confusion about what can be done presently, it’s best for DIB members to focus first on Level 1 requirements as outlined by the CMMC 2.0 announcement late last year. The following 17 specific practices are required for Level 1 compliance. They represent basic security hygiene that you can implement for your organization: limiting physical access to your facility and systems, securing storage and transport of data, and monitoring your systems usage are good places to start. Also, note that Level 1 compliance is the basis for Level 2 compliance.
The aerospace industry is a big business — and it’s only going to get bigger in the coming years. In 2020, the global aerospace industry reached $298 billion. That figure is expected to grow to $430.9 billion by 2025 (an expected 45% increase in 5 years). The size of the industry and its expected growth are even more impressive when you consider the many aerospace industry regulations that companies must adhere to. The challenge with operating in aerospace is that almost everything designed, built or created has defense-related implications. Indeed, trade organizations (like the Aerospace Industries Association) and the U.S. government have established stringent regulations and security frameworks to prevent the aerospace industry’s products and data from falling into the wrong hands. These regulations can be burdensome for aerospace companies. But they can also represent an opportunity for aerospace companies to put into place the right tools and technologies for making compliance easier and more automated. Here’s a look at the most relevant aerospace and defense industry regulations — the AIA’s NAS9933, NIST SP 800-171, ITAR and EAR — plus a rundown of how aerospace companies can benefit from compliance.
In the modern age, cybersecurity has become a serious priority for organizations operating in both the public and private sectors. Government entities prioritize cybersecurity to prevent foreign actors and third parties from accessing state secrets. Corporations and other businesses prioritize cybersecurity to prevent ransomware, the loss of proprietary information and trade secrets, and generally to secure any information and files they store and share. What is SOC 2 and where does it fit within the emerging cybersecurity universe that’s growing more important with each passing year? SOC, an acronym for “System and Organization Controls,” is a cybersecurity risk management reporting framework that includes different levels for different types of organizations — SOC 2 is the second level of the framework designed for service providers. The SOC framework and SOC 2 requirements for service providers have become a universally accepted standard for securing information, data and files. At FTP Today, we are SOC 2 certified with the GOVFTP Cloud in scope. This is one of the best ways to ensure we’re securing our users’ data and files while minimizing the risk of outside threats. See below for more details on the SOC framework, on SOC 2 compliance, plus what it means for your organization.
Even if you’ve only dabbled in cybersecurity, you’ve likely heard the acronym NIST — which stands for National Institute of Standards and Technology. Behind that simple acronym are huge implications for organizations that experience cybersecurity threats or that regularly handle sensitive files and information. The NIST framework for cybersecurity can help keep your organization safe from breaches, and it can also help you achieve compliance so that you can work with other organizations and government agencies that are concerned about cybersecurity. To help you better understand the NIST framework for cybersecurity, here are in-depth details about NIST and specific publications relevant to cybersecurity and the protection of sensitive files and information.
File transfer protocol (FTP) as it was first conceived included no encryption. In the earliest days of FTP, senders and recipients of files logged in with usernames and passwords in plain text, and files were passed from one party to another without encryption. That’s not the case with modern FTP providers. They apply modern data encryption best practices to FTP transactions so that file transfers are conducted with the utmost security. What data encryption best practices should you be following? Here’s a look at different types of encryption, encryption needed for secure file transfers, plus details on how FTP Today handles encryption for its clients.
The body that oversees Cybersecurity Maturity Model Certification (better known as CMMC) has just announced version 2.0 of its standards. This updated version of CMMC is significant for organizations that are part of the defense industrial base — organizations numbering 300,000-plus that comprise the supply chain for defense-related projects in the United States. See below for more details on CMMC 2.0, plus what those changes mean for organizations that work on projects with the U.S. Department of Defense.
The United States is likely to spend more than $700 billion on national defense in 2022. A big portion of that budget will be spent on contracts with third-party businesses — contractors who provide products, materials and services to the U.S. military. But, if you want to work with the U.S. military, you need to understand ITAR compliance and how it empowers you to secure a contract. If your business would like to work with the U.S. military, or continue to work with the U.S. military, here’s a look at everything you need to know about ITAR — and ITAR compliance requirements.
In a press release last year, Carahsoft announced FTP Today has joined the Carahsoft Cloud Purchasing Program (CPP). The program is for government contractors who rely on CarahPoints to purchase the software and tools necessary to run their business. Continue reading to find out what this could mean for you!