The CMMC Proposed Rule: Facts and Fiction

CMMC Proposed rule

The CMMC Proposed Rule comes with lots of emotion. To help you separate fact from fiction, we sat down with our CMMC experts and asked the questions on everyone’s mind. Why is CMMC happening? The DoD addressed this query. “Because of the across-the-board risks of not implementing cybersecurity requirements, DoD was unable to identify any […]

Supply Chain Security and Your Small-to-Medium Business

Small Business

When your credit card was skimmed at the local gas station, you stopped going there for a fill-up. When an online retailer was hacked, and your information was stolen, you got smarter about sharing data. When an odd text message asks you to click the link, you delete it. As consumers, we’re well aware of […]

Small businesses need to secure data before tapping into AI

AI is the acronym on everyone’s lips this summer. Generative AI tools have gone mainstream, and nearly everyone has heard an AI use case that piques their interest. But you’ve got questions about the cost, the security, and how to use your data because you’re a small business, not an enterprise with massive resources. AI […]

Screening Your Supply Chain: How Far Will You Go For Cybersecurity?

Supply Chain

Cybersecurity is like a game of “telephone” where you whisper a phrase to the next person in line. One mistake in the chain passes to others, changing the outcome. While the slip-ups are fun for a party game, no one is amused by a breach or hack in their extended network. With serious consequences on […]

How First-Person Stories Can Make Cybersecurity Lessons More Memorable

Cybersecurity Training

Despite working in cybersecurity and hearing about all types of incidents, I was riveted as my friend described how the attack rolled out and how employees reacted. In fact, I thought about the story several times during the next week and shared it with multiple people. It turns out the story was a teachable moment. […]

WT 360: CMMC Lessons From the Voluntary Assessment Program

Cybersecurity Maturity Model Certification

Derek Kernus explains how his company went through the Defense Department’s assessment process for complying with the standards at the heart of CMMC, the rule that will lay out how contractors protect information on their systems. The Cybersecurity Maturity Model Certification regulation may not be final for at least another year, but the Defense Department has […]

What will CMMC mean for the rest of us?

CMMC mean - Cybersecurity, Small Business, Article

When the Department of Defense released a Proposed Rule for the Cybersecurity Maturity Model Certification (CMMC) program, it intended to shore up the Defense Industrial Base (DIB) by asking contractors to prove that their cybersecurity was up to standards. A much bigger impact, however, will be felt throughout American business. In essence, it’s a brand-new era […]

Five lessons learned as you prepare for CMMC

Cybersecurity expert Derek Kernus explains what was learned when a small-business client went through a voluntary DOD assessment of how it protects controlled, unclassified information, meeting many of the CMMC requirements. With CMMC requirements on the near horizon, those in defense contracting are asking important questions about the timing, process, and preparation for their assessments. […]

Why you should go beyond the cyber requirements for OASIS+

Just don’t check the boxes for your OASIS+ proposals because your approach to cybersecurity might be the key differentiator for winning task orders, especially for small businesses. After months of work, checking a few boxes on the OASIS+ Pre-Award Questionnaire was no big deal. But now that the dust has settled, you might wonder what […]

Lessons learned from a joint surveillance audit for CMMC

Microsoft recently had an opportunity to sit down with Derek Kernus, Director of Cybersecurity Operation at DTS, to discuss their experience with the Joint Surveillance Voluntary Assessment (JSVA).  The Joint Surveillance Voluntary Assessment (JSVA) program is a transitional certification to CMMC, a new cybersecurity framework for Defense Industrial Base (DIB) contractors. The Joint Surveillance Voluntary Assessment […]