  • 23 Nov 2021 10:21 PM | Richard Brooks (Administrator)

    GCA recently released another training episode on its Governese YouTube channel.  If you are formulating a strategy to get your share of the $1.2 Trillion in infrastructure spending, you may want to check out this webcast.  It provides the latest details on the spending and provides insights that could enhance your strategy to obtain your slice of the pie.




  • 08 Nov 2021 10:29 AM | Richard Brooks (Administrator)

    By Sarah Hutchins and Michael Goldsticker


    The U.S. Department of Justice is targeting federal contractors and grant recipients who fail to adhere to cybersecurity requirements in their agreements and who violate their obligation to monitor and report ransomware attacks and other types of cybersecurity breaches. 

    “For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it,” Deputy Attorney General Lisa Monaco said in a press release announcing the Civil Cyber-Fraud Initiative last month. “Well that changes today. We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards — because we know that puts all of us at risk.”

    Under this initiative, the principal tool the Department of Justice will use to pursue these contractors is the False Claims Act, which imposes liability on companies and individuals who defraud federal government programs. False Claims Act cases may be brought not only by the U.S. government but also by private citizens who serve as whistleblowers. Lax cybersecurity measures often go undiscovered until a breach or other catastrophic event.  In light of the financial incentives for private whistleblowers and plaintiffs’ attorneys to bring False Claims Act lawsuits – including automatic attorney’s fees and up to 30% of the government’s recovery in a successful action – DOJ’s policy initiative could encourage internal whistleblowers to bring cyber concerns to light and may result in a proliferation of False Claims Act litigation. 

    The Civil Cyber-Fraud Initiative comes at a time when False Claims Act litigation has already been sweeping up contractors that are, in fact, providing the contracted-for service but fail to comply with one of the other myriad requirements applicable to government contracts. These “implied certification” cases are premised on the notion that a contractor commits fraud by submitting a claim to the government for payment while failing to disclose its noncompliance with a separate statutory, regulatory, or contractual requirement. The company’s signing of the contract serves as an implied certification that it has met all the applicable requirements.

    Since the U.S. Supreme Court’s Escobar ruling in 2016, False Claims Act disputes have often turned on whether the requirement at issue was material to the government’s decision to pay. In prior False Claims Act cases involving a failure to comply with cybersecurity requirements, contractors have argued that the violation was immaterial to the government’s payment decision, insofar as the contract concerned services unrelated to information technology or cybersecurity.

    While that argument has had mixed results, it now is likely to be viewed with skepticism, particularly in light of the Biden administration’s express focus on cybersecurity. For example, the Department of Defense stated last year that it intended to make its standard contractual terms relating to cybersecurity more robust. And after the cyberattack on the Colonial Pipeline this year, President Biden issued an executive order focused on how government contractors detect, prevent, and remediate cyber threats, including the need for broad cyber-incident reporting requirements and the creation of standardized, and likely more stringent, cybersecurity requirements for federal contractors.

    Federal contractors who are not following the latest cybersecurity best practices may face substantial legal exposure because the False Claims Act holds liable contractors who merely act recklessly towards applicable requirements, such as cybersecurity regulations. 

    In addition, the initiative is the latest example of how cybersecurity and data privacy regulations – and the penalties associated with them – continue developing at a rapid rate. Lawmakers in the Carolinas and more than 10 other states introduced sweeping data privacy bills this year. Virginia, California, and Colorado have already passed their own.

    Bottom line, the downside of failing to comply with best practices on cybersecurity and data privacy continues to get steeper. DOJ’s recent emphasis on cybersecurity, when combined with the expanding web of federal cybersecurity regulations, creates sizeable legal and financial pitfalls for unwitting government contractors. Government contractors – and businesses in general – should carefully assess the cybersecurity terms in their contracts and consider conducting an enterprise-wide assessment of their data practices and risks, in order to avoid financial exposure from both a business and legal perspective.

    Sarah Hutchins and Michael Goldsticker are attorneys at law firm Parker Poe. They can be reached at sarahhutchins@parkerpoe.com and michaelgoldsticker@parkerpoe.com.

  • 27 Oct 2021 6:13 PM | Richard Brooks (Administrator)


    In June 2021, the Biden administration announced its plans to increase the percentage of Small Business contracting by 50% over the next 5 years.  To meet this goal, the administration has proposed $30B in new SBA initiatives that would reduce barriers to small business ownership and success.  The new SBA initiatives will focus on increasing access to capital with new direct loans to small businesses, new loan products for clean energy businesses and manufacturers, and will establish a new Small Business Investment Corporation that will make early-stage equity investments in small businesses with priority for SDBs. 

    Further, the SBA will offer technical assistance programs to 8(a) firms, reinforce the American subcontracting network to create pathways to prime contracting, encourage Fortune 500 firms to diversify their procurements, and bring more socially and economically disadvantaged businesses into federal research and development programs. These investments would include an innovative new $1 billion grant program through the Minority Business Development Agency meant to help minority-owned manufacturers access private capital (More details on the American Jobs Plan here: https://www.jdsupra.com/legalnews/biden-announces-50-percent-increase-in-1989148/). 

    The Legislative Update: According to the National Law Review, the House of Representatives approved a $3.5 trillion budget resolution in late August.  This triggered a reconciliation process that House Democrats are using to include components of President Biden’s American Jobs Plan.  They are working to have a legislative package completed by the end of September.  Then the bill will still need to be approved by both the House and the Senate.  (Beltway Buzz, August 27, 2021: America Jobs Plan and US Budget https://www.natlawreview.com/article/beltway-buzz-august-27-2021-america-jobs-plan-and-us-budget).  It is still to be determined which aspects of the American Jobs Plan will be included in the final legislation.  Now is a good time to talk to your congressperson to request his/her support for the American Jobs Plan initiatives.



  • 03 Oct 2021 8:46 PM | Richard Brooks (Administrator)

    On September 20-21, 2021, the Government Contractors Association (GCA) in cooperation with Korean SME and Startups Agency, Living Tree, GovBridge Capital and KAIST College of Business conducted a trade mission to Washington DC.  The purpose of the trip was to facilitate new connections for GCA members with South Korean representatives and manufacturers. 

    GCA members on the delegation trip were:

    GCA members were able to attend Korean manufacturers’ presentations of some very unique products which could help GCA members establish new niches for selling both to the government and to commercial clients.  GCA members provided feedback on the commercial viability of the various products.

    We want to send a special "Thank You" to President Hak Do Kim and the whole KOSME/KOTRA delegation for helping make this a successful and collaborative event.

    GCA also engaged two DC based government contracting specialists to provide their insights into doing business in Washington DC.  Judy Bradt, CEO of Summit Insight and author of “Government Contracts Made Easier,” delivered an insightful presentation on developing relationships for success in government contracting.  Judy did a really amazing job of breaking down exactly who contractors should target and how best to approach key decision makers and get engaging responses. 

    Attendees also were treated to a presentation from Marvin Hamlin, Principal Consultant with Accounting Integration and Management Solutions LLC.  Mr. Hamlin is an accounting professional with more than 30 years of experience supporting government contractors.  His presentation focused on helping businesses go “Beyond the Plateau.”  The plateau represents a point where businesses experience little or no growth following a period of progress.  Mr. Hamlin specializes in preparing companies for acquisition or sale and was able to provide valuable insights into why companies find it difficult to go beyond the plateau.  He also fielded questions on business strategy, preparing for DCAA audits, and the initial motivations for, and the success or lack of success of, some of the mergers and acquisitions he had worked on.

    GCA thanks all who participated in the DC Trade Mission.  We look forward to assisting you with your new supplier and teaming agreements. 

    For those who were not able to participate in this trade mission, there will be other opportunities in the future.


  • 10 Sep 2021 3:51 PM | Richard Brooks (Administrator)


    We are now in the period during which agencies become sharply aware that they need to deploy any remaining budget before the end of the fiscal year or risk losing that funding in the following year.  During this period, Federal agencies have historically committed approximately 31% of all contracting dollars.  Contracting officers will be looking for qualified contractors to provide needed products and services.  Contractors who have diligently engaged contracting officers throughout the year, even if they have not yet won a contract, may be uniquely positioned to take advantage of the coming opportunities, but their work is not done.  Here are just a few suggestions for your end of year business development.

    If you have been working all year long to promote your business, hopefully contracting officers already know who you are and what you offer.  Now is not the time to stop.  Contractors who have diligently promoted their services may finally start to receive some real engagement.  Continue to nurture relationships with your established contacts, reminding them of your company’s qualifications and capabilities.  They may be looking for a company just like yours.  Be aware that this is a busy time for contracting officers.  Without being pushy, make it easy for them to engage you.

    It is better to engage a contracting officer about a specific upcoming forecasted opportunity if possible.  Note that some previously listed opportunities may be modified.  Be diligent in monitoring new and existing opportunities and be aware of what is left from the year’s forecast.  Contracting officers may choose different contracting vehicles than originally listed to complete a solicitation.  They may also combine solicitations.

    The nimble contractor will reap the rewards.  Know your teaming partners’ qualifications and be ready to quickly engage new partners as needed.  Contractors should have information at the ready for conversations with contracting officers who may approach them with opportunities the contractor may not previously have tracked.   Being a part of a ready-made contracting community like the Government Contractors Association can make finding partners easier.

    Make sure your NAICS codes and certifications are up to date both in SAM and on your capability statements.  Make sure to document any GSA Schedules and Broad Agency Announcements to which your company may have access.  Any inconsistencies in your information may give a decision maker pause when considering your company for a contracting opportunity.  Be ready to discuss the Simplified Acquisition Procedures for which your company or team is qualified.  Contracting officers may be looking for efficient ways to make an award.

    Finally, below is a sample email to glean from and modify to fit your specific needs.

    SAMPLE EMAIL: Seeking Sole Source Contracts

    POC’s first name,

    We met at this event…. (or) I was referred to you by the (SBA, OSDBU, GCA, PTAC, Small Business Specialist, or etc.)

    I want to introduce myself and our company to your agency.

    My name is ____________ and our company name is __________________.   Our company is a (SDVOSB, Hubzone, 8a, WOSB, or any other certifications you may have that are appropriate). 

    We specialize in: (no more than 3 areas)

    • Bullet point #1 (make sure that your skills/services match with the agencies you are contacting)
    • Bullet point #2
    • Bullet point #3

    Should you have any Simplified Acquisition needs, Micro-Purchases or Sole Source initiatives, we can respond very quickly to support your projects.

    Very Truly Yours,

    Your Name

    Your Title

    youremail@yourcompany.com

    www.YourCompany.com

     (???) ???-???? Office

    DUNS#: ?????????

    UEID #: ????????????

    See attached – CAPABILITY STATEMENT


  • 10 Jun 2021 11:36 PM | Richard Brooks (Administrator)


    The Biden administration has announced a new initiative of "increasing the share of contracts going to small disadvantaged businesses by 50 percent by 2026 - translating to an additional $100 billion to small disadvantaged businesses (SDBs) over the 5 year period."  These plans were announced on June 1, 2021, the 100-year anniversary of the Black Wall Street massacre in Tulsa, OK.  The increase in set-aside contracting is one part of a platform of steps the administration is taking to address the racial wealth gap by providing additional opportunities to small minority businesses.


    What does this mean for you as a contractor?

    The Biden administration is "launching an all-of-government effort to expand contracting opportunities for underserved small businesses across the country." Contractors need to begin positioning themselves for the new or increased opportunities.

     It is time to work on your small business certifications. These will be important to qualify for any new set-aside contracts.  There will surely be new opportunities made part of the 8(a) BD program, but there may be opportunities for companies with other small business certifications through partnerships and subcontracting. 8(a) firms may want to expand their capabilities through new partnerships.  Non-8(a) firms should consider more Mentor-Protege relationships with 8(a) firms.

    Your preparation should continue beyond relationships. Consider getting CMMC certified if you plan to target DOD contracts. Will you need additional funding for potentially larger contracts? Do you need additional bonding capacity? Learn new Capture Management strategies. Monitor any announcements from various federal agencies announcing new contracting opportunities as a result of this new initiative.  Happy hunting!


  • 26 May 2021 5:33 PM | Richard Brooks (Administrator)

    The Colonial Pipeline cyberattack was a ransomware attack. It was a financially driven cybercrime and unfortunately, it happens all too often. Our Nation is extremely bright and at the top of technology and security, yet we still see so many successful cyber-attacks. Businesses of all sizes are suffering cyber threats and cybercrime daily.

    When we heard about the SolarWinds cyberattack late last year, some of us may have nodded our heads acknowledging the importance of cybersecurity, but the Colonial Pipeline attack is a really big wake-up call to small and big businesses alike. Cyber Resiliency starts with good control of our security posture. It's about giving priority to the digital systems we utilize to run our operations or deliver our services. It is about investing in a risk mitigation plan and having a buttoned-up security posture and cyber-incident response suited for our businesses to mitigate our vulnerabilities and protect our assets. A very big part of achieving cyber resiliency is cyber awareness training.

    We need to protect our business from cyberattacks, and if breached, our company needs to survive a devastating cyberattack with minimal disruption or detrimental financial consequences. Cyberattacks are the single largest risk to our business today. This year alone, businesses have experienced an eye-opening 80% increase in cyberattacks with Ransomware attacks up 148% and phishing attacks up 600%. The odds that our business is the next target in a cyberattack have never been higher. For this reason, many businesses are seeking an additional layer of protection in the form of Cybersecurity & Cyber Liability Insurance.

    Small businesses, DoD contractors and private contractors are particularly vulnerable because many of them do not have the necessary resources to maintain a buttoned-up cybersecurity posture and hire full-time cybersecurity experts. It’s no surprise that small businesses comprise half to three-quarters of all ransomware victims. And when these businesses do become targets, it can have devastating and permanent impacts, forcing some to close their doors permanently.

    The good news is that DoD and Government Contractors don’t have to implement cybersecurity requirements alone and there are affordable solutions for every budget. That is why the Department of Defense has laid out security measures to help businesses to understand their responsibility and respond to a cyberattack with more preparedness. The Cybersecurity Maturity Model Certification identifies the level of security you need as a small business and as a Federal Contractor.

    In the past, vendors were able to self-certify that they were meeting the security requirements of NIST 800-171. Unfortunately, this isn't working out very well and some vulnerabilities could easily be avoided. There is no doubt that cybercrime has been increasing rapidly and we need to protect our businesses as one Nation. The DoD has a very secure cyber environment, so hackers are constantly trying to hack into vendors, as in the SolarWinds cyberattack, and then swim upstream to all the networks that are connected to the vendor, including DoD. In the previous contracting model, the DoD focused on four areas: cost, schedule, performance, and cybersecurity. Since cybersecurity needs to be buttoned up from top to bottom with minimal vulnerability, the DoD has switched the focus to building a foundation on cybersecurity.

    Having a CMMC certification not only shows that you are building a cyber secure culture as you serve the government, but it also gives you the best opportunity to go to the front of the line for DoD contracts. Anybody who is not certified is not even allowed to bid on the DoD contracts. This will put you way ahead of the pack and give you the best opportunity to increase your profitability in the government space. Cybersecurity and building cyber resiliency are not a 'one and done' model but rather a foundation that our government is teaching us to give importance to. By having the certification for your level, building a buttoned-up cybersecurity posture, and having cyber insurance to protect you financially if you face cyber threats, you are helping your own business to get more contracts and have a cyber secure and financially promising future!


  • 23 Apr 2021 10:26 PM | Richard Brooks (Administrator)

    As you embark on the CMMC journey and prepare to learn more about the certification process and apply to be certified as a federal contractor, you will come across many acronyms. Some of these acronyms play a major role as you become CMMC certified. It is definitely worth having a quick reference page as you move forward and get your pre-assessment started.

    The following glossary is adapted from the DOD’s CMMC 1.0 Appendices as well as CMMCAB.ORG and republished here as a service to our readers and clients who are looking into getting a pre-assessment for CMMC Compliance and preparing for the assessment. CMMC definitions will be the standard for use of terms by CMMC Auditors. We also hope this will help you and your team speak the same language.

    CMMC ACRONYMS & DEFINITIONS

    C3PAO - CMMC Third-Party Assessors Organization

    Organization authorized to manage the assessment process and enter into a contract to deliver CMMC assessments with assessed organization and certified CMMC assessors.

    CCA/CCP - Certified CMMC Assessors/Professionals

    Credentialed Individuals are authorized to deliver assessments, training, and consulting.

    CUI - Controlled Unclassified Information

    Information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and government-wide policies, excluding information that is classified under Executive Order.

    CDI - Covered Defense Information

    Term used to identify information that requires protection under DFARS Clause.

    Unclassified controlled technical information (CTI) or other information, as described in the CUI Registry, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies and is:

    *Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of, DoD in support of the performance of the contract, OR

    *Collected, developed, received, transmitted, used, or stored by, or on behalf of, the contractor in support of the performance of the contract.

    Cybersecurity

    Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.

    Defense Industrial Base (DIB)

    The worldwide industrial complex that enables research and development, as well as design, production, delivery, and maintenance of military weapons systems, subsystems, and components or parts, to meet U.S. military requirements.

    Domain

    Domains are sets of capabilities that are based on cybersecurity best practices. There are 17 domains within CMMC. Each domain is assessed for practice and process maturity across five defined levels.

    Encryption

    The process of changing plaintext into cipher text.

    Encryption Policies

    Policies that manage the use, storage, disposal, and protection of cryptographic keys used to protect organization data and communications.

    FCI - Federal Contract Information

    Federal contract information means information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public Web sites) or simple transactional information, such as necessary to process payments.

    Firewall

    A device or program that controls the flow of network traffic between networks or hosts that employ differing security postures.

    ICAM - Identity, Credential, and Access Management

    Programs, processes, technologies, and personnel used to create trusted digital identity representations of individuals and non-person entities (NPEs), bind those identities to credentials that may serve as a proxy for the individual or NPE in access transactions, and leverage the credentials to provide authorized access to an organization’s resources.

    Insider Threat

    The threat that an insider will use her/his authorized access, wittingly or unwittingly, to do harm to the security of the organization or the United States. This threat can include damage to the United States through espionage, terrorism, unauthorized disclosure, or through the loss or degradation of departmental resources or capabilities.

    LPP - Licensed Partner Publisher

    The CMMC-AB LPP program is designed for publishers of educational courses and content who wish to sell such content to education organizations such as universities, online schools or professional schools or direct to consumer. Listed as a LPP on the CMMC-AB website.

    LTP - Licensed Training Providers

    The CMMC-AB LTP program is designed for providers of education and training services such as colleges, universities, online schools, professional schools, internal corporate training departments, or any direct-to-consumer learning providers. Delivers certified training to students using approved curriculum developed by LPPs. Listed as a Licensed Training Provider on the CMMC-AB Marketplace.

    Maturity Model

    A maturity model is a set of characteristics, attributes, or indicators that represent progression in a particular domain. A maturity model allows an organization or industry to have its practices, processes, and methods evaluated against a clear set of requirements (such as activities or processes) that define specific maturity levels. At any given maturity level, an organization is expected to exhibit the capabilities of that level. It is a tool that helps assess the current effectiveness of an organization and supports determining what capabilities it needs in order to obtain the next level of maturity and continue progressing up the levels of the model.

    MFA - Multifactor Authentication

    Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password); something you have (e.g., cryptographic identification device, token); or something you are (e.g., biometric).

    OSC - Organization Seeking Certification

    The company that is going through the CMMC assessment process to receive a level of certification for a given environment. The certificate allows the organization to bid on DoD contracts up to the identified Maturity level.

    Patch

    An update to an operating system, application, or other software issued specifically to correct particular problems with the software.

    PII - Personally Identifiable Information

    Information which can be used to distinguish or trace the identity of an individual (e.g., name, social security number, biometric records) alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual (e.g., date and place of birth, mother’s maiden name).

    Risk Assessment

    The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system.

    Risk Management

    The program and supporting processes to manage information security risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation.

    Risk Mitigation

    Prioritizing, evaluating, and implementing the appropriate risk-reducing controls/countermeasures recommended from the risk management process.

    RP/RPO - Registered Provider/Organization

    Authorized to represent the organization as familiar with the basic constructs of the CMMC Standard with a CMMC-AB provided logo.

    The RPOs and RPs in the CMMC ecosystem provide advice, consulting, and recommendations to their clients. They are the “implementers” and consultants, but do not conduct Certified CMMC Assessments. Any references to “non-certified” services are only referring to the fact that an RPO is not authorized to conduct a certified CMMC assessment.

    SOC - Security Operations Center

    A centralized function within an organization utilizing people, processes, and technologies to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents.

    SCRM - Supply Chain Risk Management

    A systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities, and threats throughout the supply chain and developing mitigation strategies to combat those threats whether presented by the supplier, the supplied product and its subcomponents, or the supply chain (e.g., initial production, packaging, handling, storage, transport, mission operation, and disposal).

    Standards

    A document, established by consensus and approved by a recognized body, that provides for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context.

    Threat

    Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

    Unauthorized Access

    Any access that violates the stated security policy.

    User

    Individual, or (system) process acting on behalf of an individual, authorized to access an information system.

    Vulnerability Assessment

    Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.


  • 23 Apr 2021 10:16 PM | Richard Brooks (Administrator)

    CMMC is the Department of Defense's newest tool to ensure vendors who supply services and products to the DoD have a secure cyber environment. Prior to getting an actual CMMC assessment, you will want to prepare and get a pre-assessment. It can be a lengthy process ensuring that you meet all the requirements of not only NIST 800-171 but also the new CMMC requirements.

    In the past, vendors and federal contractors were able to self-certify that they were meeting the requirements of NIST 800-171. This is no longer true. If you're a vendor doing business with the Department of Defense, or wanting to do business with the Department of Defense, you will lose that opportunity if you cannot earn your CMMC certification.

    Here's a brief overview of the CMMC timeline:

    *January 2020, CMMC-AB officially launched

    *Summer of 2020, Certification and Registrations applications accepted

    *Fall/winter of 2020, Certified Publishers and Trainers chosen

    *Winter of 2020, training for Assessors and Professionals starts

    *Summer/Fall of 2021, first commercial CMMC certifications available

    *Summer 2021, the first RFP is coming out that will affect 1,500 vendors

    *2022, larger percentage of CMMC contracts coming out

    *End of 2025, all DoD contractors must be certified

    As a Federal Contractor, you must show a culture of cybersecurity. You cannot implement cybersecurity tools and practices one week and then the following week, have an assessor come in and look at your records and see that you just started doing it. The CMMC AB will ensure you have a culture where everybody in your organization understands the importance of cybersecurity.

    CMMC is the best opportunity for you to go to the front of the line for DoD contracts. Any contractor who is not certified is not even allowed to bid on the DoD contracts. Other federal agencies will also be requiring CMMC in the near future.

    Getting your pre-assessment, applying any remediations and/or closing any vulnerability gaps in your system and being on the path to be certified by the CMMC assessors will put you way ahead of the pack and it will give you the best opportunity to increase your profitability in the government space.

  • 08 Apr 2021 6:13 PM | Richard Brooks (Administrator)

    The first step to learning about the Cybersecurity Maturity Model Certification (CMMC) is to understand DoD’s mission. The Cybersecurity Maturity Model Certification Accreditation Body, also known as the CMMC-AB, "establishes and oversees a qualified, trained, and high-fidelity community of assessors. CMMC-AB also manages the ecosystem and oversee all the entities that can deliver consistent and informative assessments to participating organizations against a defined set of controls/best practices within the Cybersecurity Maturity Model Certification (CMMC) Program."

    The CMMC Model is both created and managed by the Department of Defense (DoD). The CMMC-AB reviews and combines various trusted cybersecurity standards and best practices and uses them across several knowledge levels that range from basic cyber hygiene to advanced. The CMMC-AB manages the system that ensures OSCs implement recommended controls and processes for a given CMMC level to reduce risk against a specific set of cyber threats. This method aids in both compliance and security that is both cost-efficient and affordable for small businesses.

    The CMMC stands by DoD’s mission to secure small businesses in an economically sound way that does not disregard proper compliance and security levels that have been proven to work against cyber attacks that threaten to hack and compromise important data. The CMMC provides a secure framework in which information such as FCI/CUI can be protected. The CMMC is evolving and has created pioneering ways to secure important information for small businesses, building on proven existing frameworks and methods while considering affordability and security at the same time.

    If you are interested in bidding on and serving DoD Contracts, or if you are currently a federal contractor and want to continue serving federal contracts, CMMC certification allows your company to continue participation and bid on DoD contracts. Within the CMMC, there are Security Maturity levels 1 through 5, five being the highest. Once your company gets CMMC certification, it will be good for up to 3 years.

    It is highly recommended by the CMMC-AB that any contractors currently working on DoD contracts, or wanting to bid on them, start the pre-assessment of their business security, practices & processes, and have plans to fix any deficiencies or vulnerabilities that are found. All DoD suppliers, and eventually all federal government suppliers, will need to comply with the CMMC Certification requirements.

