https://lnkd.in/ezp4xFAx Attention #K12 educational community: Exciting news as the Federal Communications Commission has launched a new #cybersecurity grant initiative. Schools and libraries now have the opportunity to apply for a share of the $200 million allocated from the Universal Service Fund. This three-year pilot program aims to assist in covering expenses related to cybersecurity services and equipment, enhancing protection against #cyberthreats. Be sure to apply before the November 1st deadline.
Gesso Solutions International
IT Services and IT Consulting
Tampa, FL 237 followers
Securing Your Business Future: Expertly Crafted Cybersecurity and Supply Chain Integrity Solutions for SMBs
About us
In the digital age, cyber-compliance is a critical aspect of business operations. A robust cybersecurity program not only protects against threats but also aligns with various compliance frameworks essential for business continuity and reputation. Tailored solutions that include gap assessments, security architecture design, and continuous monitoring are vital for maintaining a strong security posture. Expertise in frameworks like NIST, FedRAMP, SOC, CMMC, and PCI ensures that businesses are prepared for audits and can demonstrate their commitment to security. With the rise of cyber threats, partnering with a dedicated team that prioritizes quality and offers comprehensive services can be a strategic move for any organization.
- Industry: IT Services and IT Consulting
- Company size: 2-10 employees
- Headquarters: Tampa, FL
- Type: Privately Held
- Founded: 2019
- Specialties: NIST 800-171 Audits, FedRAMP, Cyber Tabletop Exercises, Cybersecurity Architecture, Incident Response, Crisis Management, Business Continuity and Disaster Recovery, vCISO, vFSO, CMMC prep, Insider Threat, Supply Chain Security, Governance, Risk and Compliance, Privacy, Security Architecture, Penetration Testing, Resiliency, Multi-disciplinary Threat and Vulnerability Assessments, virtual Chief Compliance Officer, Critical Infrastructure Protection, CMMC, Information Assurance, and Certified CMMC Practitioner (CCP)
Locations
- Tampa, FL, US (Primary)
- Atlanta, GA, US
- Washington, DC, US
- Milan, IT
Updates
-
https://lnkd.in/dMeK5EdK In the pursuit of #CMMC Level 2 #compliance, it's crucial to clearly mark controlled areas, devices, and enclaves. Signage serves not only as a compliance measure but also as a training tool for our teams. While #ITAR signage is sometimes used, it's important to evaluate whether our hardware requires marking, which may vary based on the assessor's requirements. Additionally, with the rise of remote work and alternative work locations, it is imperative that our governance policies, including the Acceptable Use Policy, are updated to address these changes in our work environment.
About CMMC
dodcio.defense.gov
-
https://lnkd.in/gvC8hGfd The UK's recent classification of data centers as Critical National Infrastructure (CNI) marks a significant step in recognizing the pivotal role these facilities play in the modern economy, akin to the US #CIRCIA act. This move not only underscores the importance of data centers in maintaining essential services but also ensures that they receive government support during critical incidents, thereby safeguarding economic stability. However, the implications for US data center companies operating in the UK, in light of this new designation and existing #GDPR compliance requirements, remain a complex issue. It raises questions about the extent to which these entities will be subject to overlapping regulations and the potential challenges that may arise in navigating this #regulatory landscape.
Data centres to be given massive boost and protections from cyber criminals and IT blackouts
gov.uk
-
https://lnkd.in/gnwmsaaY The Cyber Incident Reporting for Critical Infrastructure Act (#CIRCIA) is a significant legislative development that mandates timely reporting of cyber incidents and ransomware attacks to the Cybersecurity and Infrastructure Security Agency (#CISA). While the Department of Defense's Defense Industrial Base (#DIB) is subject to its own stringent cybersecurity requirements, it appears that the DIB is not explicitly excluded from CIRCIA's provisions. The DIB Cybersecurity Strategy aligns with interagency efforts and emphasizes collaboration with the DIB to ensure a secure information environment. Furthermore, the Defense Federal Acquisition Regulation Supplement (#DFARS) mandates DoD contractors to report cyber incidents, suggesting a framework of compliance that may intersect with CIRCIA's requirements. As CISA's new portal becomes operational, it will be crucial for entities within the critical infrastructure sectors to understand their obligations under this evolving regulatory landscape. Give us a call if you need a hand. #GessoSolutionsInternational
2024-06526.pdf
public-inspection.federalregister.gov
-
https://lnkd.in/eeSaExrr Certified CMMC Practitioner Tip: The #CMMC Level 1 control AC.L1-3.1.22 is a critical practice for safeguarding Federal Contract Information (#FCI) and Controlled Unclassified Information (#CUI) from being disclosed on publicly accessible systems. It mandates the identification of authorized individuals to post or process information on such systems, the establishment of procedures to prevent FCI/CUI from being posted, and the implementation of a review process before any content is made public. Additionally, it requires a mechanism to remove and address any improper posting of FCI/CUI, ensuring that sensitive information remains protected. We're required to control public information which contains FCI/CUI. As a service, we've created an Open Source Alert to monitor each of our customers in accordance with CMMC Level 1 control, AC.L1-3.1.22, Control information posted or processed on publicly accessible information systems. Give us a call if you need a hand. #GessoSolutionsInternational
CMMC Documentation
dodcio.defense.gov
-
https://lnkd.in/gjtsi7Y7 The recent settlement involving Raytheon Technologies Corporation (RTX) and the U.S. Department of State underscores the critical importance of adhering to arms control regulations. The $200 million civil penalty for 750 violations of the Arms Export Control Act and the International Traffic in Arms Regulations reflects the severity of unauthorized exports of defense technology. This case highlights the ongoing challenges and the necessity for robust compliance measures within the defense industry to ensure national security and adherence to international standards. Give us a call if you need help with this. #GessoSolutionsInternational #ITAR #EAR
RTX fined $200M for exporting defense tech to China, Russia, Iran
defenseone.com
-
https://lnkd.in/eYdrUHuh Certified #CMMC Practitioner Tip: Understanding the business processes related to the inflow of FCI and CUI within your organization is crucial. Individuals responsible for handling FCI/CUI (from intake, processing, storage, or transmission) should expect an assessor interview to confirm their comprehension of safeguarding this information in accordance with corporate governance. Give us a call if you need a hand. #GessoSolutionsInternational
dodcio.defense.gov
-
https://lnkd.in/e5sT7FH2 The recent lawsuit filed by the United States against the Georgia Institute of Technology and the Georgia Tech Research Corporation underscores the critical importance of #cybersecuritycompliance. The Department of Defense has emphasized the necessity of adhering to DFARS 7012 regulations, which mandate safeguarding covered defense information and reporting cyber incidents. The #CybersecurityMaturityModelCertification (CMMC) aims to further enhance security measures through third-party audits, ensuring that contractors meet stringent cybersecurity standards. This proactive approach reflects the growing emphasis on protecting sensitive information within the #defenseindustrialbase. Give us a call if you need a hand. #GessoSolutionsInternational
United States Files Suit Against the Georgia Institute of Technology and Georgia Tech Research Corporation Alleging Cybersecurity Violations
justice.gov
-
https://lnkd.in/eT_prjYY #CMMC Practitioner Pro Tip: When an Organization Seeking Certification (OSC) reaches out to a CMMC Third Party Assessment Organization (C3PAO) for a CMMC evaluation, it is essential for the OSC to specify the particular units within their organization that will participate in the assessment. There are three specific scoping units to be identified: the Headquarters (HQ) Organizational Unit, the Host Unit, and any Supporting Units. It is mandatory for the OSC to clearly define their HQ Organizational Unit, their Host Unit (should it be distinct), and all Supporting Units during their CMMC Assessment request.
CMMC Assessment Scope Level 2
dodcio.defense.gov
-
https://lnkd.in/gw3rVhEU BLUF: Employee vetting and two-party checks relative to new/existing hires are crucial insider threat concerns. The importance of #insiderthreatmanagement and meticulous employee #screening cannot be overstated in the realm of security. Despite a rigorous interview process encompassing background checks, authentic references, and multiple video interviews, an individual managed to circumvent detection by employing a legitimate identity misappropriated from someone in the U.S. The deception was amplified by the use of an AI-enhanced stock image, demonstrating the sophisticated tactics employed by malicious actors in the digital age.
Cyber firm KnowBe4 hired a fake IT worker from North Korea
cyberscoop.com