By now, all contractors that work with the U.S. Department of Defense should be fully aware of the Cybersecurity Maturity Model Certification (CMMC) 2.0 announcement from November 2021. The CMMC 2.0 announcement included updates to CMMC 1.0 that were designed to enhance cybersecurity protections for all entities in the defense industrial base, or DIB, and also streamline protections for contractors already utilizing the NIST 800-171 framework. While the announcement of last November did provide a glimpse at what the DOD’s requirements might be in the future, Congress has yet to codify those requirements into a law to be followed. Unfortunately, that leaves contractors and others in the DIB in a limbo period where they know that new CMMC requirements are coming — but they don’t know exactly what those requirements will be. We’ve written previously about the proposed CMMC 2.0 framework and what it might require of contractors. Now we’ll address what contractors and others in the DIB can be doing right now during this limbo period to set their organizations up for future success under CMMC 2.0 once codified by law. While there’s a lot of confusion about what can be done presently, it’s best for DIB members to focus first on Level 1 requirements as outlined by the CMMC 2.0 announcement late last year. The following 17 specific practices are required for Level 1 compliance. They represent basic security hygiene that you can implement for your organization: limiting physical access to your facility and systems, securing storage and transport of data, and monitoring your systems usage are good places to start. Also, note that Level 1 compliance is the basis for Level 2 compliance.
The aerospace industry is a big business — and it’s only going to get bigger in the coming years. In 2020, the global aerospace industry reached $298 billion. That figure is expected to grow to $430.9 billion by 2025 (an expected 45% increase in 5 years). The size of the industry and its expected growth are even more impressive when you consider the many aerospace industry regulations that companies must adhere to. The challenge with operating in aerospace is that almost everything designed, built or created has defense-related implications. Indeed, trade organizations (like the Aerospace Industries Association) and the U.S. government have established stringent regulations and security frameworks to prevent the aerospace industry’s products and data from falling into the wrong hands. These regulations can be burdensome for aerospace companies. But they can also represent an opportunity for aerospace companies to put into place the right tools and technologies for making compliance easier and more automated. Here’s a look at the most relevant aerospace and defense industry regulations — the AIA’s NAS9933, NIST SP 800-171, ITAR and EAR — plus a rundown of how aerospace companies can benefit from compliance.
Are you trying to select a new file sharing solution, but you have a few questions first? Explore these common questions about file sharing solutions and find out their answers.
Even if you’ve only dabbled in cybersecurity, you’ve likely heard the acronym NIST — which stands for National Institute of Standards and Technology. Behind that simple acronym are huge implications for organizations that experience cybersecurity threats or that regularly handle sensitive files and information. The NIST framework for cybersecurity can help keep your organization safe from breaches, and it can also help you achieve compliance so that you can work with other organizations and government agencies that are concerned about cybersecurity. To help you better understand the NIST framework for cybersecurity, here are in-depth details about NIST and specific publications relevant to cybersecurity and the protection of sensitive files and information.
File transfer protocol (FTP) as it was first conceived included no encryption. In the earliest days of FTP, senders and recipients of files logged in with usernames and passwords in plain text, and files were passed from one party to another without encryption. That’s not the case with modern FTP providers. They apply modern data encryption best practices to FTP transactions so that file transfers are conducted with the utmost security. What data encryption best practices should you be following? Here’s a look at different types of encryption, encryption needed for secure file transfers, plus details on how FTP Today handles encryption for its clients.
The body that oversees Cybersecurity Maturity Model Certification (better known as CMMC) has just announced version 2.0 of its standards. This updated version of CMMC is significant for organizations that are part of the defense industrial base — organizations numbering 300,000-plus that comprise the supply chain for defense-related projects in the United States. See below for more details on CMMC 2.0, plus what those changes mean for organizations that work on projects with the U.S. Department of Defense.
In a press release last year, Carahsoft announced FTP Today has joined the Carahsoft Cloud Purchasing Program (CPP). The program is for government contractors who rely on CarahPoints to purchase the software and tools necessary to run their business. Continue reading to find out what this could mean for you!
You might be asking yourself, “why are collaboration platforms competing with Managed File Transfer (MFT)?” Great question. Normally, they don’t, and to be honest, they shouldn’t. These are not the same. What the two have in common is mainly that files can be stored or sent within MFT and MFT as-a-Service (MFTaaS) platforms, as well as within collaboration platforms. However, as we’ll see later, it’s not without difficulty if you’re trying to use a collaboration tool like Microsoft O365 as an MFTaaS tool.
This blog post is the culmination of our Securing the Supply Chain series. In our second blog post, Securing the Supply Chain - Meeting NIST SP 800-171 R2, we provided information on meeting compliance with DFARS (Defense Federal Acquisition Regulation Supplement) contract clause 252-204-7019, which triggers your compliance with NIST 800-171 R2 by uploading your self-assessment, System Security Plan, and any Plan of Action and Milestones (POA&M) to the Supplier Performance Risk System (SPRS). Our initial blog covered what the government wants you to protect, the interim rule, Cybersecurity Maturity Model Certification (CMMC) levels, and how to get started. In this blog we start the journey toward meeting compliance with CMMC. We begin with first meeting compliance with NIST SP 800-171 R2, the latest self-assessment and self-attestation standard. Ultimately, over the next five years (by 2026), you will be required to meet DFARS contract clause 252-204-7021, which will trigger compliance with the appropriate CMMC level. The Cybersecurity Maturity Model Certification (CMMC) is a compliance framework for Defense Industrial Base (DIB) contractors to safeguard the intellectual property of the United States. DIB contractors must properly safeguard, disseminate, and destroy Controlled Unclassified Information (CUI). As a DIB contractor, you will need to comply with the appropriate CMMC maturity level to renew a contract, compete for a new contract or receive an award of a contract. In this blog we give you the information you need to meet CMMC compliance.
This blog post is a continuation of The CMMC Basics, where we covered what the government wants you to protect, the interim rule, Cybersecurity Maturity Model Certification (CMMC) levels, and how to get started. In this blog we start the journey toward meeting compliance with CMMC. We begin with first meeting compliance with NIST SP 800-171 R2, the latest self-assessment and self-attestation standard. The United States government is challenged with securing the supply chain to reduce theft of intellectual property, collection of intelligence by foreign adversaries, and introduction of counterfeit products. The Department of Defense (DoD) must ensure that the mission of the warfighter is not compromised and that research and development, ideas and product specifications are not stolen. As we become more of an interconnected world, this will be more challenging, so you must take steps to ensure that you are keeping your information safe as a Defense Industrial Base (DIB) vendor. If you are among the over 300,000 hardworking vendors supporting the DoD — be proud and be ready to do your part in helping America’s continued prosperity.
The United States of America is increasing attention on cybersecurity to ensure the prosperity of the American people. Public and private entities must secure systems and networks from adversaries with malicious purposes. In this effort to secure Federal networks, one of the areas of focus for the government is the Federal Supply Chain and strengthening the security of United States Government contracting systems. The global nature of the Internet allows all countries to participate in communication, commerce, and free exchange of ideas – allowing for true prosperity. Access to something as powerful as the Internet also presents opportunities for outside nations to conduct espionage, steal intellectual property, commit cybercrimes, and remotely attack critical infrastructure.