The National Institute of Standards and Technology ("NIST") released NIST SP 800-171r3 as a "Final Public Draft", and NIST SP 800-171Ar3, the Assessment Guide for NIST SP 800-171r3, as an "Initial Public Draft".
This article includes links to the documents and a discussion of how they impact CMMC and FutureFeed.
Alright, folks, let's talk about IT documentation. I know what you're thinking – it's not the most thrilling topic on the planet. But, when it comes to gearing up for a CMMC Pre-Assessment, it's a crucial piece of the puzzle. And trust me, it's not as challenging as you might think.
Why Does It Matter?
You see, the assessment process involves examining documents and evidence of their use, interviewing people, and testing systems. So, the first thing you need to do is to get your IT documentation in order. Quality and consistency are the name of the game here, ensuring that your organization follows uniform processes and procedures, which ultimately lead to better outcomes and demonstrate your commitment to cybersecurity.
In the ever-evolving business landscape, service providers need to find ways to stand out and prove their value to potential clients. By incorporating compliance frameworks into your new client acquisition process, you can demonstrate a commitment to industry standards, security, and quality – ultimately leading to increased ROI, profitability, and competitive advantage.
Align with Industry Standards to Attract High-Value Clients
Clients who prioritize security and compliance are often more likely to invest in quality services. By implementing relevant compliance frameworks and adhering to industry standards, you can attract high-value clients who recognize the importance of working with a reliable and trustworthy service provider.
NIST released an initial discussion draft of SP 800-171 revision 3 ("r3") on May 10, 2023. This article discusses that draft, suggested actions for our clients while we await the finalization of r3, and our implementation plans for supporting r3.
Hello, dear friends! Today, we're going to discuss a situation that many of you may have experienced or might encounter in the future – being "burdened" with the task of getting your company compliant. At first glance, this might seem like a daunting and undesirable responsibility. But, what if I told you that this assignment could actually be a blessing in disguise and a career-changing opportunity? Intrigued? Let's explore the reasons why embracing this challenge can transform your professional journey and unlock a world of possibilities.
DoD published a new DFARS rule (DFARS 252.204-7024) which allows contracting officers to consider supply chain risk as they are making contract awards. Read on for more!
The Internet has quickly revolutionized the way governments, companies, and other organizations conduct business. But in their haste to gain market share and meet client/constituent expectations, many organizations are pushing out products and services, and using IT infrastructure, that are not secure. This has made it easy for criminals and other adversaries to conduct ransomware attacks, steal data, manipulate systems, and even take control over critical infrastructure. These criminal acts are shutting down governments for weeks on end, forcing businesses out of business, and wreaking havoc on our national security and our economy. This needs to change.
June 16 DoD memo increases pressure on contractors to ensure their cybersecurity programs are in line with requirements.
Regan Edens' LinkedIn post is nothing short of a CMMC national call to action. To bottom line it, there are two facts.
There is one most important word that every supplier to the DIB needs to know and needs to know now. Otherwise, they risk their ability to bid on new business as soon as 9 months from now.
That one word?
President Biden's Executive Order: "...cybersecurity requires more than government action. Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector."
Here is a way to ACTUALLY deliver on the directive.
Whatever the mechanism, make it more profitable to be secure than insecure. That simple market dynamic is all that matters. Here is how to make CMMC work using market economics, rather than fighting them...
Communication is critical for an effective cybersecurity program. Taking the time to establish frames of reference can help keep everyone from talking past each other.
FutureFeed releases its CMMC 2.0 upgrade on Monday, 15 November 2021. Details include the elimination of deprecated practices and processes, user interface changes, and a full merger of NIST 800-171 and CMMC Level 2 - Advanced.
© 2023 FutureFeed.co. All rights reserved.
Disclaimer: The appearance of U.S. Department of Defense (DoD) visual information does not imply or constitute DoD endorsement.