CMMC 2.0 Level 3 Certification: What’s Up with That for MSPs/MSSPs?

With the finalization in March 2022 of NIST SP 800-172A, Assessing Enhanced Security Requirements for Controlled Unclassified Information, the US Department of Defense (DoD) can potentially move closer to rolling out an assessment program for CMMC 2.0 Level 3...

MSPs/MSSPs: Here’s the Latest CMMC/NIST 800-171 Compliance Timeline

CMMC and NIST 800-171 compliance oversight is gaining momentum not just from the US Department of Defense (DoD) but also other federal agencies, such as the Department of Homeland Security (DHS) and the General Services Agency (GSA). As rulemaking changes within the...

Why MSPs/MSSPs Should Develop a Shared Responsibility Matrix

Third parties that store, transmit and/or process sensitive data inherently introduce an element of security and compliance risk to their clients—and potentially vice versa. Case in point: managed service providers (MSPs) and managed security service providers (MSSPs)...

When is an MSP/MSSP a CSP for CUI Protection Purposes?

Managed service providers (MSPs) and managed security service providers (MSSPs) in the US defense industrial base (DIB) and other US government supply chains now face elevated scrutiny from clients regarding the flow of controlled unclassified information (CUI) and...

MSPs/MSSPs: Are You Subject to “Flowdown” CUI Protection Requirements?

As CMMC 2.0 and NIST 800-171 compliance efforts gather steam, managed service providers (MSPs) and managed security service providers (MSSPs) in defense and other US government supply chains need to look carefully at whether/how they are storing, transmitting or...

CMMC Compliance for MSPs/MSSPs: Taking a “Cross-Client” Approach

Momentum is building in the US defense supply chain and across government sectors to comply with CMMC 2.0 or NIST 800-171 guidelines for protecting controlled unclassified information (CUI). Managed service providers (MSPs) and managed security service providers...

CMMC Compliance for MSPs/MSSPs: 3 Shared Responsibility Angles

Organizations in the US defense industrial base (DIB) and other government sectors are increasingly moving towards mandated protections for controlled unclassified information (CUI), notably CMMC 2.0 certification or NIST 800-171 compliance. This movement is elevating...

What New CMMC Guidance Means for MSPs and MSSPs

As the implementation of CMMC 2.0 by the DIB picks up pace, the frequently shifting requirements can be daunting — especially when the guidance is already so complex. And that’s doubly true for managed service providers (MSPs), who have to contend with diverse and...

Got Hardcopy CUI? NIST SP 800-171 Requirements Apply.

Prime contractors have been flowing down the DFARS 252.204-7012 clause, “Safeguarding Covered Defense Information and Cyber Incident Reporting” (aka DFARS 7012) for years. Many primes have received the DFARS 7012 clause from other primary contract owners. The focus...

Step #8 to Retaining Security Talent: Win-Win Communication

Could successfully hiring and retaining scarce cybersecurity talent be as simple as how people talk to each other at your company? Pretty much. At least according to cyber talent expert Deidre Diamond, Founder and CEO at CyberSN. On a recent episode of...