Context of the Organization and ITAR Compliance

Utilizing the context of the organization clause of an ISO 9001:2015 Quality Management System (QMS) can allow for a more resilient ITAR compliance program. This can be accomplished by integrating export compliance into an existing management system that includes all the tasks required to ensure that business is conducted in accordance with federal regulations. …

CUI Document Marking Requirements and CMMC 2.0

Controlled Unclassified Information (CUI) document marking requirements apply to a wide range of users who access information related to the U.S. government. CUI is unclassified information that requires safeguards or dissemination controls in accordance with governmental regulations and policies. CUI is categorized into 20 “Organizational Index Groupings” to address sectors such as Defense, Export Control, …

Managing an Export Compliance Program

Managing an Export Compliance Program (ECP) properly ensures its effectiveness. These programs are essential to the sustainability of a business. However, any plan, no matter how well conceived, is only as effective as its execution. Planning the Export Compliance Program Specific requirements for an Export Compliance Program are contingent on the types of products an …

Delays in CMMC 2.0 Final Ruling

As 2023 opens, it appears that there may be further delays in CMMC 2.0 reaching a final ruling as the Pentagon considers additional revisions of the proposed rule. These reconsiderations are, as reported on ClearanceJobs, the result of internal politics and concerns about the impact on businesses. Because the rule is in proposed status, it …

Maintaining a CMMC Program – Best Practices

Maintaining a CMMC program requires that organizations engage management system principles in their daily cybersecurity programs. These activities will be essential for Department of Defense (DoD) contractors to remain compliant. Current CMMC Requirements Currently CMMC 2.0 requirements are divided into three levels of compliance: CMMC Level 1 – Foundational is comprised of the 17 practices …

CMMC Consultants – Assessment and Preparation

CMMC 2.0 Compliance CVG Strategy CMMC Consultants CVG Strategy CMMC consultants can prepare your organization for Cybersecurity Maturity Model Certification (CMMC) 2.0. We specialize in performing assessments of information assets and data flows to ensure that proper application of NIST SP 800-171 security controls is in place. This process includes performance of a Gap Analysis, …

ISO 27001 Cybersecurity Management System

ISO 27001 cybersecurity management is an effective Information Security Management System (ISMS) for organizations and businesses of all sizes. It provides a means to ensure confidentiality, integrity, and availability of information in a system that can be harmonized with other management systems. The ISO Advantage There are numerous cyber security solutions for protecting confidential information. …

NIST Cybersecurity for Business Applications

Integrating NIST cybersecurity for business applications into existing management system processes requires specialized implementation. This is of special concern for organizations involved in contracting with the Department of Defense (DoD) that are adopting NIST SP 800-171 to meet Cybersecurity Maturity Model Certification (CMMC) requirements. A major issue in this integration is that the NIST cybersecurity …

Implementing ISO 9001:2015 Around Your Organization

Implementing ISO 9001:2015 properly can benefit an organization across the board if executed appropriately. The first steps of an effective implementation process should include determining what the intended results of the program should be. These quality objectives may include factors beyond meeting customer expectations and ensuring the quality of products and services. For example, a …

Challenges in Adopting CMMC Standards

Many small business owners have expressed concerns about the challenges in adopting CMMC standards. While the Department of Defense (DoD) has been stressing the necessity for contractors to reach various levels of Cybersecurity Maturity Model Certification (CMMC) for years now, many businesses are at a loss as to how to implement an effective program despite …

Export Compliance Program Management ISO 37301

Export Compliance Program Management Effective export compliance program management poses challenges for organizations of all sizes and sectors. U.S. export regulations such as the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR) are complex and under constant revision. Compliance is further complicated for organizations that have multinational operations and must therefore …

Service Industry Quality Management ISO 9001-1:2015

Why Have a Quality Management System for Service Industry Businesses? At first glance a Quality Management System (QMS) might appear inappropriate for service industry businesses. There would appear to be a lack of metrics to serve as inputs, as a large portion of the product is not physical. Customer satisfaction, however, is a very tangible …

Messaging App Security and Information Privacy

Many users take messaging app security for granted when sending text messages, voice messages, photos, and videos. However, not all apps secure messaging data equally. This is a concern for both organizations and individuals who wish to ensure the confidentiality, integrity, and authenticity of information transferred between authorized users. Elements of Messaging Security Messaging app …

Cybersecurity Maturity Model Certification (CMMC)

What is Cybersecurity Maturity Model Certification? The Office of the Under Secretary of Defense for Acquisition & Sustainment has released the Cybersecurity Maturity Model Certification program. The program will be made effective in new programs released by the Department of Defense (DoD) and will be a requirement for product and service providers. This program has …

Cybersecurity Threats Trending Methods for 2021


Cybersecurity Threats by Industry Sector Cybersecurity threats remain a significant concern for organizations in every sector. IBM’s 17th Cost of a Data Breach Report provided insights into the nature of the threat environment in 2021. This report provides an assessment of risks and strategies for protecting data and responses to data breaches. Among its …