The number of cyber-attacks on businesses, organizations, and governmental institutions has accelerated in just the last few years. Furthermore, the COVID-19 pandemic has weakened many organizations’ cybersecurity posture, which brought with it a new wave of successful attacks.
Frameworks like DFARS and CMMC are essential to make sure that all contractors and subcontractors who handle controlled unclassified information are doing so according to cybersecurity standards. Still, the confusion created by unrealistic or inaccurate requirements and the delays in rolling out new regulations can only lead to chaos if left unchecked.
The Defense Federal Acquisition Regulation Supplement (or DFARS) is a memorandum issued by the Department of Defense (DoD) for contractors and subcontractors, and was designed as a set of cybersecurity requirements for contractors and organizations operating with the DoD, to safeguard controlled unclassified information (CUI) from cyberattacks and accidental leaks.
This memorandum aims to strengthen cybersecurity practices and secure the Defense Industrial Base (DIB) against cyber threats. Unfortunately, the requirements and standards specified in the DFARS are not clear enough for real-life implementation, which slowed down the entire process and left contractors and subcontractors in a state of confusion.
The DoD released the Cybersecurity Maturity Model Certification (CMMC) framework to replace the DFARS standard and provide clarity. Nevertheless, the CMMC has not been fully implemented, and the DoD still demands that all contractors and subcontractors that process, store, or transmit CUI comply with the DFARS minimum security standards. Otherwise, contractors risk losing their business with the DoD.
In addition, on September 29, the DoD released an Interim Rule (that became effective on November 30) that focuses on making sure all DoD contractors are currently in compliance with all 110 security controls in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (NIST 800-171). Furthermore, the rule also adds CMMC as a requirement in a DoD contract.
Sadly, the rule does not answer many of the questions that contractors have regarding CMMC implementation. As a result, the situation is still uncertain, and many business owners are still in a state of confusion.
As of now, the CMMC is not fully rolled out and DFARS is still in effect. In fact, the CMMC Accreditation Body (AB) mentioned clearly that the DFARS standard is paramount for CMMC compliance for any of the DoD contractors that handle CUI, regardless of size.
In short, the CMMC framework is an improved version of the DFARS framework, with an added level of control in the form of audits and assessments that validate your company’s cybersecurity practices against the standard. These audits and assessments will be performed by independent third-party certified organizations, and each contractor will be assigned a maturity level from “Basic Cybersecurity Hygiene” to “Advanced/Progressive” (there are 5 levels in total).
For instance, a company working under DFARS that wants to reach level 3 (“Good Cybersecurity Hygiene”) should already have about 85% of the work laid out; this is because, out of the 130 controls, 110 come straight from NIST 800-171, which has been the standard for several years.
Since we did not have specialized controls up until the CMMC framework, many companies will have gaps. Based on our expertise, some of the most common issues are:
Before applying for a CMMC evaluation, run a complete analysis to assess your current compliance level.
DoD contractors and subcontractors handling controlled unclassified information have had to self-assess their cybersecurity using NIST SP 800-171 requirements. This has proven inefficient because contractors lack a well-structured system to support their self-assessment efforts. As a result, there are plenty of gaps and differences in planning from one business to another.
The Interim Rule is trying to improve this situation by helping contractors grade themselves using a standardized score. This way, each contractor can learn about the NIST SP 800-171 security requirements they still need to work on.
This means that all the contractors that work with CUI will have to take the NIST 800-171 Self-Assessment (even though they already did one in the past) and then post their result in the Supplier Performance Risk System (SPRS). The DoD cannot award contracts without this new assessment, which follows the scoring methodology specified by the Interim Rule.
Contractors should expect random audits by the DCMA, checking their self-assessment and final scores.
If you want to stay in the game, your business needs to be in compliance. This means keeping up with the new standards, as challenging as they may be. Our specialists have the necessary knowledge and experience to get you there. We evaluate your business, identify goals, and provide a framework and action plan while protecting your core job functions.
We provide advice and guidance on CMMC compliance rules, ensuring you stay updated with all new developments.
We are ready to become your cybersecurity team or fill the gaps in your cybersecurity program. If you have questions about these topics, don’t hesitate to reach out to our specialists.
The Certified Information Systems Security Professional (CISSP) is an information security certification with extremely high standards. Fewer than 132,000 people worldwide held this certification at the end of 2018.
It has also been formally approved by the DOD and is globally recognized in the field of IT security.
It covers the following topics:
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security
This is a system engineer certification that tests the candidate’s knowledge of the following topics:
Windows
SQL Server
Exchange Server
SharePoint
System Center (SCCM)
Lync
The A+ Certification demonstrates that the computer technician has the skill set needed to customize, install, maintain, and operate PCs.
In addition to these certifications, Right Hand also has strategic partnerships with some of the biggest names in the industry like Microsoft, Dell, Citrix, and Fortinet.
What could be more assuring than having these industry giants on your side?
As the name suggests, this certification is for network engineers. The course covers everything from the installation and maintenance of networks to their troubleshooting, including an understanding of all related technologies.
This certification shows that the technician who has passed the Microsoft exam is capable of managing, migrating, deploying, planning, and assessing the technology, security, and compliance needs associated with Microsoft Office 365.
The CompTIA Security+ (SY0-501) course provides certification in the following topics:
Threats
Vulnerabilities
Attacks
System Security
Network Infrastructure
Access Control
Cryptography
Risk Management
Organizational Security