Cyber Compliance made easy
COMPLIANCE WITHOUT COMPLEXITY®
Ready for your eyes to glaze over? Neither are we. The complexity of compliance from assessment, to development of the Plan of Actions and Milestones (POAM), to documentation including the preparation for the upcoming Cyber Security Maturity Model Certification (CMMC) is nothing you’ll need to burden yourself with. Because all of that is our job.
We not only provide assessment, security and protection services from cybersecurity threats for small and medium sized manufacturers, we offer you Compliance Without Complexity®. Our customized, cost-effective turnkey program to managing and maintaining your cybersecurity for years to come.
From an audit to assessing your security vulnerabilities and deficiencies, to developing a POAM to address those needs, to executing the POAM, to developing and submitting documentation for securing compliance, to helping you achieve new levels of compliance that can open doors to more business. We handle it all.
And, we do so by requiring a minimal amount of your time. So, you can keep an eye on what you do best.
Comprehensive Vulnerability Assessment
Evaluate small business network scope and needs while providing accurate vulnerability assessments.
Apply lessons learned within the assessment to build a plan and develop processes to strengthen security footprint.
Ongoing Managed Services
Execute planned initiatives, report results, and fight against complacency.
Our Services Include
- Voluntary CMMC Assessments to meet DIBCAC High and eventually translate to CMMC Level 2 (see Cyber AB launches voluntary CMMC assessment program for defense contractors – FedScoop)
- CMMC Pre-Assessment Readiness Reviews for Level 1 and Level 2
- DFARS 252.204-7012, 7019 and 7020 compliance assessments
- Plan of Actions and Milestones (POAM) – Creation and on-going management
- Managed Security & Compliance Services – Protecting companies by providing management and support services with annual audits and security-focused services
What is NIST SP 800-171?
The National Institute of Standards and Technology (NIST) 8SP 800-171 is a business-oriented cybersecurity standard that provides guidelines, technical specifications, recommendations and annual reports to help keep business information safe.
What is the Cybersecurity maturity Model Certification (CMMC)?
The Cybersecurity Maturity Model Certification (CMMC) was introduced by the United States Department of Defense (DoD) in January 2020 in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB) and ensure appropriate levels of cybersecurity practices and processes are in place to protect the Controlled Unclassified Information (CUI) that resides on the Department’s industry partners’ networks.
DoD Supply Chain Organizations
NIST SP 800-171 is a business-oriented cybersecurity standard that provides guidelines, technical specifications, recommendations and annual reports to help keep business’s information safe. This standard became a requirement in January 2018 for companies working with controlled unclassified information (CUI) anywhere along the Department of Defense (DoD) supply chain. DoD affiliates that fail to reach compliance risk losing their federal contracts. NIST SP 800-171 compliance is highly recommended for businesses unaffiliated with the DoD. Failure to meet these standards increases vulnerability to cyber-attacks, which can severely damage or even destroy a business.
There are over 300,000 companies in the US Defense Industrial Base. Most of those companies are small companies with less than 500 employees. The requirements imposed by the CMMC framework are difficult and near impossible for a small business to meet on their own. They will need a cost effective solution to be compliant. The standard was released in January 2020 and the plan is to pilot it with a subset of contracts pulling in up to 1000 suppliers for audit. CMMC certification will be phased in to all DoD contracts over the next five years.
In the meantime, companies still need to self-certify that they meet NIST SP 800-171. This publication defines policies that apply to all prime and subcontractor companies conducting business with the Federal Government.
Many businesses need to look at their supply chain to ensure compliance with NIST security standards.
Critical Transportation & Energy Sector Data
Financial Data on Accounts, Bank Transfers, and Financial Reports
Personally Identifiable Information and Regulated Data
Tax, Census, & Sensitive Population Information Data
Patient Records and Information
Law Enforcement Data: Case Files, Personal Identifying Information
Reports and Data Designated as CUI or NATO Restricted
Immigration Data: Status, Visa Status, and Asylees
Military Personnel Records
Non-DoD Supply Chain Organizations
NIST 800-171 compliance is highly recommended for businesses unaffiliated with the DoD. Failure to meet these standards increases a business’s vulnerability to cyber-attacks, which can severely damage or even destroy a business. All companies should follow this standard to keep their information safe. We can help you get there.