7tech Cybersecurity’s Post

#SP 800-171 Rev. 2: Understanding the New #Cybersecurity Standard for Defense Contractors https://lnkd.in/escMRS3N #Compliance #FederalContractors #NIST #Dataprotection #Rev #CUI #final #publication #ControlledUnclassifiedInformation

CMMC 2.0 is poised to revamp cybersecurity standards within defense contracting, streamlining the previous framework to enhance security and compliance efficiency. Overall, it simplifies the model into three levels, focusing on protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Notably, CMMC 2.0 introduces self-assessment for certain levels, a shift from mandatory third-party assessments, offering flexibility while maintaining rigorous security standards. This evolution aims to balance the urgency of cybersecurity with the practicality of implementation, ensuring defense suppliers can more feasibly meet critical security requirements. Understanding and preparing for CMMC 2.0 is crucial for defense contractors to continue complying and protecting sensitive data. #CMMC #compliance #security #business

CMMC 2.0 is poised to revamp cybersecurity standards within defense contracting, streamlining the previous framework to enhance security and compliance efficiency. Overall, it simplifies the model into three levels, focusing on protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Notably, CMMC 2.0 introduces self-assessment for certain levels, a shift from mandatory third-party assessments, offering flexibility while maintaining rigorous security standards. This evolution aims to balance the urgency of cybersecurity with the practicality of implementation, ensuring defense suppliers can more feasibly meet critical security requirements. Understanding and preparing for CMMC 2.0 is crucial for defense contractors to continue complying and protecting sensitive data. #CMMC #compliance #security #business

🚨New Blog Alert: CMMC 2.0 - Urgent Compliance Deadlines for DoD Contractors🚨 - The clock is ticking for small businesses in the Defense Industrial Base! ⏰ If you're a small business working with the DoD or its prime contractors, you can't afford to ignore the upcoming CMMC 2.0 compliance deadlines and Why CMMC matters to you 🛡️Deadlines and consequences ⏳and Time to comply 🗓️ 👇 Check out the full blog post here 👇 CMMC 2.0: Urgent Compliance Deadlines for DoD Contractors #CMMC2 #Cybersecurity #DCSNY #Compliance #DoD #CUI #FCI

USCG CYBER NPRM The U.S. Coast Guard Notice of Proposed Rulemaking, Cybersecurity in the Marine Transportation System, is scheduled to be published in the Federal Register on 02/22/2024. This NPRM proposes to add minimum cybersecurity requirements to 33 CFR part 101. The Coast Guard invites comment on whether any of the proposed requirements would overlap, conflict, or duplicate existing regulatory requirements from other Federal agencies. The requirements would consist of the following sections: • 101.600 Purpose • 101.605 Applicability • 101.610 Federalism • 101.615 Definitions • 101.620 Owner or Operator • 101.625 Cybersecurity Officer • 101.630 Cybersecurity Plan • 101.635 Drills and Exercises • 101.640 Records and Documentation • 101.645 Communications • 101.650 Cybersecurity Measures • 101.655 Cybersecurity Compliance Dates • 101.660 Cybersecurity Compliance Documentation • 101.665 Noncompliance, Waivers, and Equivalents.

On May 2, 2024, the Department of Defense issued a DFARS class deviation related to cybersecurity standards for covered contractor information systems. Contractors are required to comply with a number of cybersecurity and information security regulations including DFARS 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting”.  DFARS 252-204-7012 requires contractors to implement the National Institute of Standards Technology (“NIST”) Special Publication (“SP”) 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” that is “in effect at the time the solicitation is issued or authorized by the Contracting Officer". The class deviation will now require contractors to comply with the NIST SP 800-171 Revision 2 instead of the NIST SP 800-171 that is in effect at the time the solicitation is issued. This is to give both contractors and the DoD time to transition to the new security standards for the latest revision of the NIST SP 800-171. If you have any questions or concerns about this class deviation or complying with cybersecurity regulations, reach out to Ward and Berry! #govcon #cybersecurity #CUI #classdeviation #DoD #DFARS #NIST Read the DoD Announcement here: https://lnkd.in/gg8_V6gy Find the class deviation here: https://lnkd.in/gVZs-Cz9 Ryan Berry Daniel Ward Ryan Bradel Amanda Merced Eric Kronman Michael Hatch Tyson Marx Chelsea Padgett Brian Yu Nicholas Perry Matthew Saliman

The Department of Defense (DOD) has outlined a comprehensive, four-phase plan for implementing the new Cybersecurity Maturity Model Certification (CMMC) standard, impacting how contractors handle controlled unclassified information. This phased approach includes preparation, self or third-party assessments, reporting results, and full implementation, scheduled over a two-year period. The DOD expects contractors to meet varying levels of CMMC certification, with full compliance required in all contracts from October 2026. Notably, the DOD will not run a pilot program; instead, self-assessments become mandatory immediately upon the rule's finalization. Contractors must be vigilant, as individual solicitations will specify required CMMC levels, and the DOD has given its program managers the discretion to enforce CMMC requirements ahead of the official timeline. Public comments on this proposed rule are invited until February 26. #cybersecurity #cmmc #dod #defensecontractors #infosec #federalcontracts #compliance #datasecurity #contractmanagement #regulatoryupdates Source- https://lnkd.in/gbXr3F8b

"Furthermore, the requirement is implemented in the Defense Federal Acquisition Regulation Supplement DFARS through the solicitation provision of NIST SP 800-171 DoD Assessment Requirement, and the contract clause within the NIST SP 800-171 DoD Assessment Requirements." https://lnkd.in/g2y5CZRX #cybersecurity #defensecontractor #DFARS #compliance #industrialcyber #icssecurity #ics

CMMC 2.0 is poised to revamp cybersecurity standards within defense contracting, streamlining the previous framework to enhance security and compliance efficiency. Overall, it simplifies the model into three levels, focusing on protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Notably, CMMC 2.0 introduces self-assessment for certain levels, a shift from mandatory third-party assessments, offering flexibility while maintaining rigorous security standards. This evolution aims to balance the urgency of cybersecurity with the practicality of implementation, ensuring defense suppliers can more feasibly meet critical security requirements. Understanding and preparing for CMMC 2.0 is crucial for defense contractors to continue complying and protecting sensitive data. #CMMC #compliance #security #business

"Furthermore, the requirement is implemented in the Defense Federal Acquisition Regulation Supplement DFARS through the solicitation provision of NIST SP 800-171 DoD Assessment Requirement, and the contract clause within the NIST SP 800-171 DoD Assessment Requirements." https://lnkd.in/gpYDDihS #cybersecurity #defensecontractor #DFARS #compliance #industrialcyber #icssecurity #ics