Compliance Made Simple

 

3.2.3

Provide security awareness training on recognizing and reporting potential indicators of insider
threat.

3.3.2

Ensure that the actions of individual system users can be uniquely traced to those users, so
they can be held accountable for their actions.

3.4.7

Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and
services.

3.5.3

Use multifactor authentication for local and network access to privileged accounts and for
network access to non-privileged accounts.

3.13.2

Employ architectural designs, software development techniques, and systems engineering
principles that promote effective information security within organizational systems.

3.7.2

Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system
maintenance.

3.5.8

Prohibit password reuse for a specified number of generations.


Latest News


How to get a Cybersecurity Maturity Model Certification

Step 1: Know The Facts

Compliance with DFARS 252.204-7012 and NIST 800-171 is no longer sufficient. To become CMMC certified, organizations must complete a formal assessment from a certified CMMC assessor. The CMMC Accreditation Body (CMMC-AB), which was established in 2020, oversees Certified Assessors (CAs) and Certified Third-Party Assessment Organizations (C3PAOs) who can conduct certification assessments.

If you’re new to federal contracting or if you are currently working with the DoD, don’t risk jeopardizing contract opportunities due to an incomplete understanding or outdated information.

Start with a consultation.




Cybersecurity Maturity Model Certification (CMMC) 

The CMMC has carefully laid out 17 domains that have 43 distinct capabilities across 5 Levels of Maturity. The greater the maturity level you can achieve from your CMMC audit, the more of a competitive advantage you will have when securing contracts. DFARS.org will help your organization work toward gaining that advantage.

CMMC LEVELS:

Level 1: Basic Cyber Hygiene

Level 2: Intermediate Cyber Hygiene

Level 3: Good Cyber Hygiene

Level 4: Proactive

Level 5: Advanced/Progressive

Compliance Landscape


U.S. national cyber compliance depends upon an interdependent network of various stakeholders.

From federal agencies to research institutions to private market innovators, government and industry have come together to form a collaborative network of professionals dedicated to ensuring that cybersecurity standards maintain and achieve consistency and integrity at every level.

Organizations need to respond to cyber threats today with more adaptive, contextually intelligent security solutions based on a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network.

There are more than 1,200 cybersecurity companies competing in the cybersecurity market today.

Here are some of the companies to consider when searching for the best solution:

  • OUSD Acquisition & Sustainment
  • Microsoft Azure for US Government
  • ownCloud
  • Yubico
  • Software Engineering Institute
  • NIST Information Technology Laboratory
  • Federal Risk and Authorization Management Program
  • DoD Cyber Crime Center
  • Duo
  • Amazon Web Services GovCloud
  • System for Award Management
  • pax8

DFARS.org Compliance Roadmap

  • Consultation
  • Gap Assessment
  • Security Audit
  • Compliance Plan
  • POA&M
  • Penetration Testing
  • Vulnerability Report
  • System Security Plan
  • Managed Cyber Hygiene
  • Remediation Report

Start with a Consultation


The DFARS (Defense Federal Acquisition Regulation Supplement) requires defense contractors to comply with specific cybersecurity requirements detailed in NIST 800-171. With pages and pages of information and regulations set forth by the DoD, there is no doubt that their expectations can be overwhelming. And although you may be an expert in your own field, you probably don’t have the bandwidth to read the endless amounts of information that the government publishes, so why not let the experts at DFARS.org help make sense of it all by scheduling a consultation today? Scheduling a consultation with an expert at DFARS.org will cover all the basics and help determine your current level of preparedness for the standards set forth by the DoD.

Gap Assessment


Once you have completed the consultation, the next step is to schedule a gap assessment. The preliminary gap assessment is a high-level readiness analysis that will get your organization started on the path toward compliance and certification. By thoroughly surveying your capabilities, policies, and practices, the Gap Assessment will help you and us better understand the current vulnerabilities and security gaps in your IT network, which is the first step toward complying with CMMC.