The Best of DTS Issue 16: Cybersecurity Compliance

Our vocabulary has grown this year. You might be thinking about super-spreader, social distancing, and asymptomatic, but for 300,000 contractors and subcontractors, the latest buzz words are more along the lines of Maturity Model, practices, and C3PAO. Cybersecurity compliance is dominating the sector’s headspace.

In this issue, we’ll look at the business impacts of compliance (there IS a silver lining), the meaning of practice maturity, and whether you should be nervous about your first-ever CMMC assessment. Our SMEs have spent months talking with representatives from the DoD in order to help clients prep, explain CMMC practices in plain language, and debunk myths. This issue features pearls of all that wisdom. To get the ball rolling, request a copy of our CMMC Tip Sheet.

We’re on the cusp of a new era in cybersecurity standards nationwide. The question for companies in government and commercial sectors alike is, “How will you respond?” Let’s continue the conversation via email, Microsoft Teams, or with a call.

Edward Tuorinsky
Managing Principal

The Business Case for Compliance: CMMC as an Optimizer

Complying with contracting rules and regulations is a constant challenge for companies that work with the government. Often it means investing time and money into new processes and technology. That’s certainly the case with CMMC. Instead of viewing cybersecurity practices as something to be endured, they can become the catalyst for system and process transformation.

Smart companies grow by capitalizing on the benefits of each initiative. For cybersecurity compliance, that means adopting a proactive viewpoint.

Continue reading about the four areas where cybersecurity compliance can have big and positive benefits for business.

CMMC Maturity Levels

Cybersecurity compliance: CMMC Standards Process

Unlike self-certifying your NIST SP 800-171 standards, CMMC assessments will look at the maturity of each practice. What matters? How long a policy or process has been in place and how effective it’s been during that time.

CMMC Assessments: Should you be nervous?

CMMC assessments are serious business. They can determine your eligibility for new contract work for years to come. That doesn’t mean you have to stress about the assessment itself. These five factors make a case for calm.

  1. A Readiness Review, scheduled 4-12 weeks before your assessment, can identify gaps in your practices, giving you time to take the steps to fix them.
  2. The C3PAO that you select will ask for your Readiness Report or self-reviews to help determine the scope and cost of your CMMC assessment.
  3. Your assessment will not require access to any CUI or FCI. Assessors will examine device settings and configurations and employee behaviors.
  4. Companies will have 90 days after the C3PAO generates their report to remediate minor issues that might prevent certification.
  5. The final report and Quality Assurance Review are not submitted until after issues are remediated.

Bottom line: Start from a place of strength by using a Readiness Review to independently examine and verify each required practice before you even think about registering for your CMMC assessment.

Want to know even more about what you can expect before, during, and after your assessment? Watch our online presentation: CMMC Fast Track

Now See This

NIST Cybersecurity Infographic

DTS News

DTS Honored at the 34th Annual Arlington Best Business Awards

DTS was named the 2020 Technology Small Business of the Year at the Arlington Chamber of Commerce’s 34th Annual Arlington Best Business Awards, held on October 27, 2020 in a hybrid format. This annual event recognizes the most illustrious and accomplished businesses that have made significant contributions to the Arlington community.

“It’s exciting to know that we are helping our clients respond to change with technology-first solutions. As we look toward 2021, we are focused on cybersecurity and the ways in which DTS can help our clients navigate digital transformation,” said our Managing Principal, Edward Tuorinsky.


About DTS

DTS consultants go far beyond just “getting the job done.” We continually find better, more efficient and more effective ways to satisfy the needs of our public- and private- sector clients. DTS provides full lifecycle Management and IT consulting services, and can support your organization by researching and answering specific questions, solving critical issues or helping you plan for the future. Among a crowded field of contractors, DTS stands out for the quality of our people, the power of our approach, and the impact of our results.

Continue the conversation:
Email or call 571.403.1841

Share this Article