Michigan Alliance of APEX Accelerators’ Post

As CMMC consultants and assessors, it is our responsibility to assist contractors, especially SMBs, to migrate to the regulatory environment. Unfortunately, many assessment firms (RPO/C3PAO/RP/CCP/CCA based) get tunnel vision and only focus on CMMC, neglecting the contractor's business. During the Sarbanes Oxley era we prioritized (on a risk basis) the POA&Ms and worked with the company over several years to mature their company into regulatory compliance. Albeit, CMMC won't allow this, but the process is simliar. Each business is composed of various vertical components, and how they run their business is critical. When assisting contractors on policies and procedures, we must highlight and mature their existing policies and procedures to satisfy CMMC. We don't replace their policies so that CMMC is the only focus. We help the contractor mature into CMMC and walk with them while we/they mature their policies and procedures. Let's put the contractor's business first and CMMC second when we perform our pre-assessments. By helping the contractor mature, they can grow into the regulatory framework of CMMC over the long term. Remember, the contractor has a business to run, and it is our duty to assist them in migrating to the regulatory environment. Funny, I did this method with a top 5 prime, and it worked great, and the appreciation was well noted. Listen to your contractor and learn their business then start the CMMC path. #cmmc #defensecontractors #dod #cyberdefense #aerospace #militarycommunity #security

We provide an objective sampling that simulates an actual C3PAO CMMC Level 2 Assessment for 20 of the 110 NIST Controls. This exercise allows company to determine the effectiveness of their CMMC readiness efforts. Learn more: https://lnkd.in/gubx85b9

Is your company prepared ? For better or worse, compliance with CMMC is not optional for those in the DoD supply chain. Keeping and gaining more DoD contracts depends on your ability to verify that you can achieve and maintain the level of security that is required through your DoD contract. Let me know if you would like to see if VC3 and I can help. #DFARS #DoDCompliance #NISTCompliance #CMMCGAPAnalysis

Great News From #CMMC They are moving to the finish line. CMMC Final Rule moves to OIRA review (cmmcaudit.org) If you want to learn more about CMMC come to Https://ontechnologypartners.com

Confidence in credential service providers is a complex thing to measure, and it’s emphatically not just about the tech. Kantara Initiative has a crucial ecosystem role in contributing to this confidence. #identityassurance

The most stringent requirements in the CMMC Program will belong to Level 3. These 24 security controls come from NIST SP 800-172 and will be required for any DIB company that has a Level 3 requirement in their DOD contract. The estimated cost of implementation has been provided by the DOD and the numbers behind the costs can be found in the proposed rule. We have linked you to a primer for what is in store when the CMMC proposed rule is finalized. CyberEye CMMC Level 3 Key Takeaways -https://lnkd.in/e524BSpj CMMC Proposed Rule - Federal Register - https://lnkd.in/ejr9_hY3

The Steadfast March Towards CMMC Reaches Another Milestone! The clock is ticking for Defense Industrial Base (DIB) contractors to prepare for CMMC compliance. The 48 CFR CMMC Rule, which will revise the DFARS clause in contracts (252.204-7021), has reached the Office of Management and Budget's (OMB) Office of Information and Regulatory Affairs (OIRA). Once approved by OMB, the rule will be published in the Federal Register. Here's the key takeaway: There's no time to wait! This signifies continued progress towards mandatory CMMC compliance in DoD contracts by late 2024 or early 2025. Here's our full timeline, along with simple steps to prepare for #CMMC: https://lnkd.in/ehW9HzrT

In our latest article we explore the benefits of hiring a NIST 800-171 consultant to perform a gap assessment and implementation services to secure Controlled Unclassified Information (CUI). https://zurl.co/lU8U

After nearly 22 months of draft and public comment periods, the National Institute of Standards and Technology (NIST) released the final copy of NIST 800-171 Revision 3, "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations." Revision 3 brings significant changes compared to Revision 2, with both simplifications and additions to strengthen security postures — including the introduction of control families, organization-defined parameters (ODPs), and more granular requirement details. Our Principal GRC Specialist Allison DiPietro took to the blog to outline the differences between Revisions 2 and 3, and what they functionally mean for organizations that adhere to its requirements. Check it out >> https://lnkd.in/eRRvquUw #compliance #grc #nist #governanceriskandcompliance #govcon