FutureFeed | CMMC~NIST~DFARS

Partners Pricing Perspectives Events Marketplace Mission

Latest Perspectives

Image showing that 32 CFR 170 has been submitted to OIRA for Review

DoD Takes Next Step Toward CMMC

32 CFR 170 was submitted to the Office of Management and Budget's Office of Information and Regulatory Affairs ("OIRA") on June 27, 2024. This means that 32 CFR 170 could be published in Final Rule form as early as October 26, 2024.

A flow chart illustrating considerations for when CUI can be disseminated.

Disseminating CUI to Others

Deciding whether someone is authorized to receive CUI can be confusing. This flow chart makes it easier to understand the process.

NIST Releases Final Versions of SP 800-171 Rev. 3 and SP 800-171A Rev. 3

The National Institute of Standards and Technology (NIST) has published the final versions of Special Publications (SP) 800-171 Rev. 3 and 800-171A Rev. 3. These publications are crucial for organizations handling Controlled Unclassified Information (CUI) and provide updated guidelines for assessing and implementing security requirements to protect this information.

Access the CMMC Mock Assessment Webinar Materials

32 CFR Part 236 Rule Change Finalized

CIC2024 Highlight Reel

video-interview-leia-kupris-shilobod-cism-ccp

Video Interview: Leia Shilobod on Navigating CMMC Compliance with Expertise and Innovation

Join Mark Berman, CEO of FutureFeed, as he engages in a compelling discussion with Leia Shilobod at CIC 2024 in Mission Bay, San Diego.

As a Managed Service Provider (MSP) with a focus on aiding Defense Industrial Base (DIB) contractors in achieving and maintaining compliance, Leia shares her extensive experience and the crucial role of tools like FutureFeed in streamlining the compliance process.

Video Interview: Victoria Pillitteri from NIST on SP 800-171 Rev. 3 and more

In an insightful conversation at CIC2024, Mark Berman, CEO of FutureFeed, engaged with Victoria Yan Pillitteri, Manager of Security Engineering and Risk Management Group at National Institute of Standards and Technology (NIST), discussing the pivotal role of standards in cybersecurity.

The dialogue shed light on NIST's continuous effort in enhancing security controls and standards in response to evolving threats, underscoring the inclusive approach where every stakeholder, regardless of size, has a voice in shaping these standards.

A must-watch for anyone involved in or interested in cybersecurity, illustrating the dynamic, user-focused process of standard development at NIST.

NIST SP 800-171r3 Final Public Draft Released

The National Institute of Standards and Technology ("NIST") released NIST SP 800-171r3 as a "Final Public Draft", and NIST SP 800-171Ar3, the Assessment Guide for NIST SP 800-171r3, as an "Initial Public Draft".

This article includes links to the documents and a discussion of how they impact CMMC and FutureFeed.

IT Documentation: The Unsung Hero of Your Organization's Success and CMMC Readiness – Getting Started is Easier Than You Think!

Alright, folks, let's talk about IT documentation. I know what you're thinking – it's not the most thrilling topic on the planet. But, when it comes to gearing up for a CMMC Pre-Assessment, it's a crucial piece of the puzzle. And trust me, it's not as challenging as you might think.

Why does it Matter?

You see, the assessment process involves examining documents, interviewing people, and evidence of their use, and testing systems. So, the first thing you need to do is to get your IT documentation in order. Quality and consistency are the name of the game here, ensuring that your organization follows uniform processes and procedures, which ultimately lead to better outcomes and demonstrate your commitment to cybersecurity.

Boosting ROI and Gaining a Competitive Edge: How Service Providers Can Leverage Compliance Frameworks in Client Acquisition

In the ever-evolving business landscape, service providers need to find ways to stand out and prove their value to potential clients. By incorporating compliance frameworks into your new client acquisition process, you can demonstrate a commitment to industry standards, security, and quality – ultimately leading to increased ROI, profitability, and competitive advantage.

Align with Industry Standards to Attract High-Value Clients

Clients who prioritize security and compliance are often more likely to invest in quality services. By implementing relevant compliance frameworks and adhering to industry standards, you can attract high-value clients who recognize the importance of working with a reliable and trustworthy service provider.

Don't Panic! NIST SP 800-171 r3 discussion draft and FutureFee.

Don't Panic! NIST SP 800-171r3 and FutureFeed

NIST released an initial discussion draft of SP 800-171 revision 3 ("r3") on May 10, 2023. This article discusses that draft, suggested actions for our clients while we await the finalization of r3, and our implementation plans for supporting r3.

Assigned the Task of Getting Your Company Compliant: Burden or Blessing in Disguise?

Hello, dear friends! Today, we're going to discuss a situation that many of you may have experienced or might encounter in the future – being "burdened" with the task of getting your company compliant. At first glance, this might seem like a daunting and undesirable responsibility. But, what if I told you that this assignment could actually be a blessing in disguise and a career-changing opportunity? Intrigued? Let's explore the reasons why embracing this challenge can transform your professional journey and unlock a world of possibilities.

DoD Publishes new DFARS Rule Impacting SPRS

DoD published a new DFARS rule (DFARS 252.204-7024) which allows contracting officers to consider supply chain risk as they are making contract awards. Read on for more!

Security Without Governance is not Secure

The Internet has quickly revolutionized the way governments, companies, and other organizations conduct business. But in their haste to gain market share and meet client/constituent expectations, many organizations are pushing out products and services that are not, and using IT infrastructure that is not, secure. This has made it easy for criminals and other adversaries to conduct ransomware attacks, steal data, manipulate systems, and even take control over critical infrastructure. These criminal acts are shutting down governments for weeks on end, forcing businesses out of business, and wreaking havoc on our national security and our economy. This needs to change.

Service Member Inspecting Computer Equipment

DoD Adds Scrutiny to Contractor Cybersecurity Programs

June 16 DoD memo increases pressure on contractors to ensure their cybersecurity programs are in line with requirements.

75% claim CMMC perfection vs 25% meet most controls (according to DIBCAC)

75/25 - We Need You

Regan Edens' LinkedIn post is nothing short of a CMMC national call to action. To bottom line it, there are two facts.

75% of the companies submitting SPRS scores, scored themselves 110 out of 110
Based on two years of DIBCAC assessments only 25% of all companies assessed met most of the required CMMC practices

There is the one most important word that every supplier to the DIB needs to know and needs to know now. Otherwise, they risk their ability to bid on new business as soon as 9 months from now.

That one word?

"START"

Read more...

Water Delivery. Air Force Airman 1st Class Terrell Coleman delivers bottled water near the Makai Recreation Center at Joint Base Pearl Harbor-Hickam, Hawaii, Dec. 21, 2021, while supporting the initiative to restore a safe water delivery system to base military housing communities through testing, treatment and repair. Photo By: Marine Corps Cpl. Hannah Adams. Disclaimer: The appearance of U.S. Department of Defense (DoD) visual information does not imply or constitute DoD endorsement.

Contractors not as Suppliers - but as Leaders

President Biden's Executive Order: "...cybersecurity requires more than government action. Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector."

Here is a way to ACTUALLY deliver on the directive.

DoD CMMC work, like these Rig Ready Marines need to work TOGETHER with market forces for desired outcomes.

Let’s Go DoD, There is Still Time to Fix CMMC.

Whatever the mechanism, make it more profitable to be secure than insecure. That simple market dynamic is all that matters. Here is how to make CMMC work using market economics, rather than fighting them...

Communication is Critical for Effective Cybersecurity

Establishing a Communication Framework

Communication is a critical for an effective cybersecurity program. Taking the time to establish frames of reference can help keep everyone from talking past each other.

FutureFeed and FutureFeed LevelOne logos.

FutureFeed CMMC 2.0 Upgrade

FutureFeed releases its CMMC 2.0 upgrade on Monday, 15 November 2021. Details include the elimination of deprecated practices and processes, user interface changes, and a full merger of NIST 800-171 and CMMC Level 2 - Advanced.

CMMC 2.0 provides self-assessments. Completing one is like following a recipe.

A Holiday Recipe for a Self-Assessment

With many organizations finding themselves relieved of the 3rd-part CMMC assessment requirement, it is time to tackle the challenge of the self-assessment. What does it mean to self-assess, and how to start?