Have you considered an enclave solution?
Dedicated enclave solutions are popping up in the form of Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). In both cases, someone else builds, manages, and monitors a cloud-based environment, in some cases, one that was designed to meet regulatory...
Ransomware… are you at risk?
Another day, another ransomware attack, each one seeming bigger and bolder than the last. You may be thinking that you do not have anything to worry about because you are just a small company who does not have any secret data. Besides, your staff does not go to shady...
What exactly is a CMMC .997 plan and why might you need it?
A note from the president of Duffy Compliance, Shawn Duffy As the Cybersecurity Maturity Model Certification (CMMC) process continues to roll out, and businesses learn what is involved in all five levels, some requirements will look familiar, and some will not. At...
Press Release: Duffy Compliance Services Launches CUI-SafeHarbor, a Secure Virtual Environment
New Market, Maryland, May 17, 2021 – Duffy Compliance Services, a provider of cybersecurity consulting and compliance services is the first U.S.-based compliance service provider to offer a CMMC Level 3 compliant-ready environment. For small businesses who are...
Potential changes from upcoming Biden executive order
In the coming weeks* we could see a new executive order from the Biden Administration that will likely address new regulatory requirements for software development standards. These changes in software standards could potentially change in the way the government...
Introducing CUI-SafeHarbor
As CEO of Duffy Compliance, I have learned a lot about the needs of small businesses. As a small business owner myself, I know it can be hard to find vendors and service providers who really understand the needs of small businesses or who actually take the time to...
The difference between vulnerability scanners and penetration testing
Besides regulatory compliance, two cybersecurity services Duffy Compliance has been known for are penetration testing and vulnerability assessments. At first glance, pen testing and vulnerability assessments may appear to mean the same thing. Often this question comes...
Security Awareness Training – not a checkbox
While I've written about security awareness training in the past, I'm revisiting it today because it never gets old. Training isn't just something you did to check off a box; it's something you do... continually. With the cyber attackers constantly refining their...
Press Release: Duffy Compliance Services has been approved by the CMMC Accreditation Body as a candidate Certified 3rd Party Assessor Organization (C3PAO)
New Market, Maryland, February 8, 2021 – Duffy Compliance Services, a provider of cybersecurity consulting and compliance services is now approved as a candidate Certified 3rd Party Assessor Organization (C3PAO) by the CMMC Accreditation Body. The CMMC Accreditation...