Context of the Organization and ITAR Compliance

Context of the organization

Utilizing the context of the organization clause of an ISO 9001:2015 Quality Management System (QMS) can allow for a more resilient ITAR compliance program.    This can be accomplished by integrating export compliance into an existing management system s that includes all the tasks required to ensure that business is conducted in accordance to federal regulations.  … Read more

DFAR Amendment for Contractor Implementation

DFAR Amendment for Contractor Implementation

The Department of Defense (DoD) has proposed a Defense Federal Acquisition Regulation Supplement (DFAR) amendment for contractor implementation of Cybersecurity Maturity Model Certification (CMMC).  DFARS case 2019-D041 was first published in September 2020 with an effective date of November 20, 2020 to allow for the development of CMMC 2.0.  CMMC 2.0 establishes a framework for … Read more

NIST Special Publication 800-53 Controls

NIST Special Publication 800-53

NIST Special Publication 800-53 is a catalog of security and privacy controls released by the National Institute of Standards and Technology for U.S. federal information systems.  It includes key steps in the Risk Management Framework for the selection of appropriate security controls for information systems.  This framework standards and guidelines is a requirement for federal … Read more

Global Challenges for Cybersecurity Resilience

Global Challenges for Cybersecurity

Global challenges for cybersecurity resilience were outlined in a recent report from the World Economic Forum.  The report, Global Cybersecurity Outlook 2024, analyzes the state of inequity in achieving cyber security, the impacts of geopolitics on the cyber risk landscape, the effects of emerging technologies such as Artificial Intelligence (AI), and the shortage of qualified people … Read more

Secure Software Development Attestation Form Released

secure software development attestation

A secure software development attestation form has been approved by the Federal Government in an attempt to ensure that contracted developers of software assume responsibility for the security risks in the protection of federal information.  The form was released by the Cybersecurity and Infrastructure Security Agency (CISA) Office of Management and Budget (OMB) on April … Read more

KV Botnet Disrupted by FBI in Infected SOHO Routers

KV Botnet

The FBI has disrupted a KV botnet malware infection instigated by Volt Typhoon, a state sponsored threat actor affiliated with the People’s Republic of China (PRC).  The KV botnet was first identified in December of 2023.  It targeted Cisco and NetGear routers that were were no longer supported by manufacturer software updates.  The court-authorized operation, conducted … Read more

China is Targeting U.S. Infrastructure with Cyberattacks

China Targeting U.S. Infrastructure

The Washington Post reported that China is targeting U.S. infrastructure with cyberattacks in a continuing effort to increase its ability to disable critical systems.  The Cybersecurity and Infrastructure Security Agency (CISA) first announced these attacks in May of 2023.  CISA identified the source as Volt Typhoon, a state sponsored hacking group affiliated with China. Chinese … Read more

Common Cybersecurity Weaknesses for CUI Protection

Common Cybersecurity Weaknesses for CUI

Recent reports from the Department of Defense (DoD) outline common cybersecurity weaknesses for Controlled Unclassified Information (CUI) protection by contractors.  CUI is information that is possessed or created for the U.S. government that, by law, requires dissemination controls and safeguarding.  These required security controls are specified in NIST SP 800-171.  When prospective contractors respond to … Read more

DHS Cybersecurity Assessment Criteria Announced

DHS Cybersecurity Assessment Criteria

DHS cybersecurity assessment criteria has been released that will set the bar for businesses seeking contract awards from the agency.  The U.S. Department of Homeland Security has released this information to ensure that appropriate levels of “cyber readiness” are in place by its vendors.  The DHS plan, released by Chief Information Security Officer Kenneth Bible, is … Read more

CUI Document Marking Requirements and CMMC 2.0

CUI Document Marking Requirements

Controlled Unclassified Information (CUI) document marking requirements apply to a wide range of users who access information related to the U.S. government. CUI  is unclassified information that requires safeguards or dissemination controls in accordance with governmental regulations and policies. CUI is categorized into 20 “Organizational Index Groupings” to address sectors such as Defense, Export Control, … Read more

Managing an Export Compliance Program

Managing an Export Compliance Program

Managing an Export Compliance Program (ECP) properly ensures its effectiveness.  These programs are essential to the sustainability of a business.  However, any plan, no matter how well conceived, is only as effective as its execution.   Planning the Export Compliance Program Specific requirements for an Export Compliance Program are contingent on the types of products an … Read more

Delays in CMMC 2.0 Final Ruling

As 2023 opens it appears that there may be further delays in CMMC 2.0 reaching a final ruling as the Pentagon considers additional revisions of the proposed rule.  These reconsiderations are, as reported on ClearanceJobs, the result of internal politics and concerns on the impact on businesses.  Because the rule is in proposed status, it … Read more

Maintaining a CMMC Program – Best Practices

maintaining a CMMC program

Maintaining a CMMC program requires that organizations engage management system principles in their daily cybersecurity programs.  These activities will be essential for Department of Defense (DoD) contractors to remain compliant. Current CMMC Requirements Currently CMMC 2.0 requirements are divided into three levels of compliance: CMMC Level 1 – Foundational is comprised of the 17 practices … Read more

CMMC Consultants – Assessment and Preparation

CMMC 2.0 Compliance CVG Strategy CMMC Consultants CVG Strategy CMMC consultants can prepare your organization for Cybersecurity Maturity Model Certification (CMMC) 2.0.  We specialize in performing assessments of information assets and data flows to ensure that proper application of NIST SP 800-171 security controls are in place.  This process includes performance of a Gap Analysis, … Read more

ISO 27001 Cybersecurity Management System

ISO 27001 cybersecurity

ISO 27001 cybersecurity management is an effective Information Security Management System (ISMS) for organizations and businesses of all sizes.  It provides a means to ensure confidentiality, integrity, and availability of information in a system that can be harmonized with other management systems. The ISO Advantage There are numerous cyber security solutions for protecting confidential information.  … Read more

NIST Cybersecurity for Business Applications

nist cybersecurity for business

Integrating NIST cybersecurity for business applications into existing management system processes requires specialized implementation.  This is of special concern for organizations involved in contracting with the Department of Defense (DoD) that are adopting NIST SP 800-171 to meet Cybersecurity Maturity Model Certification (CMMC) requirements.   A major issue in this integration, is that the NIST cybersecurity … Read more