Home » Blog
CMMC, Compliance

Are you prepared to self-assess?

Last month, I talked about the interim rule for CMMC and that as of November 30, 2020, contracting officers will check the Supplier Performance Risk System (SPRS) database to confirm that a contracting agency has an active SPRS Assessment prior to the award of a...

CMMC, Blog, Compliance, News

The interim rule for CMMC

For all of 2020, there has been a frenzy over migrating from CUI to CMMC. As a matter of fact, Duffy Compliance Services has even been registered to become a C3PAO (Certified 3rd-Party Assessment Organization) for CMMC. The intention was that CMMC would be in place...

CMMC Levels and Associated Focus Chart
Blog, News

NIST publishes newest update

NIST just published their newest update to the security control baselines in the 800 series. If you weren't aware, this is really key to the NIST family. The interesting thing is that they've merged a lot of these controls together from 800-53 and its various...

Blog, Compliance, ISO

Can ISO benefit your organization?

The compliance world is full of different regulations such as ISO, CMMC, HIPAA, FISMA.... You might ask how anyone navigates through government regulations. However, a more valuable question would be… could any of these regulations actually benefit your...

ISO International Organization for Standardization
Compliance, CMMC

CMMC – Win and retain government contracts

Under the new CMMC mandate by the US Department of Defense (DoD), all contractors within the DoD supply chain must be CMMC certified. Failure to achieve and maintain CMMC certification will impact your organization’s ability to work on future contracts and may...

CMMC Levels and Associated Focus Chart

What CUI means for DoD Contractors and Subcontractors

DFARS 22.204-7012 is a cybersecurity rule issued by the DOD requires all contractors and subcontractors, regardless of size, to comply with two key information security requirements: (1) Adequate Security and (2) Incident Reporting. “Adequate Security” is satisfied by showing compliance with NIST Special Publication (SP) 800-171 and be implemented “as soon as practical” but not later than December 31, 2017. It was designed to protect CUI on nongovernment information systems.


Not all Threats are Vulnerabilities

What is a vulnerability? When looking for vulnerabilities don't consider technical threats as the only threats to the system.  Your security should include some attention to all threats. A system vulnerability is defined as a weakness to the system.  For example,...

What Is Penetration Testing