CMMC – Win and retain government contracts
Under the new CMMC mandate by the US Department of Defense (DoD), all contractors within the DoD supply chain must be CMMC certified. Failure to achieve and maintain CMMC certification will impact your organization’s ability to work on future contracts and may...
Duffy Compliance Services (DCS) selected to support Maryland Defense Contractors
Duffy Compliance Services is proud to announce that it has been selected by the Maryland Defense Cybersecurity Assistance Program to provide Defense contractors with more than $57 billion in economic assistant to comply with DFARS and NIST 800-171...
NIST Updates Cybersecurity Framework to Tackle Supply Chain Threats
NIST Updates Cybersecurity Framework to Tackle Supply Chain Threats, Vulnerability Disclosure and More By:Tara Seals, April 30, 2018 Version 1.1 includes updates on authentication and identity, self-assessment, supply-chain security and vulnerability...
What CUI means for DoD Contractors and Subcontractors
DFARS 22.204-7012 is a cybersecurity rule issued by the DOD requires all contractors and subcontractors, regardless of size, to comply with two key information security requirements: (1) Adequate Security and (2) Incident Reporting. “Adequate Security” is satisfied by showing compliance with NIST Special Publication (SP) 800-171 and be implemented “as soon as practical” but not later than December 31, 2017. It was designed to protect CUI on nongovernment information systems.
Not all Threats are Vulnerabilities
What is a vulnerability? When looking for vulnerabilities don't consider technical threats as the only threats to the system. Your security should include some attention to all threats. A system vulnerability is defined as a weakness to the system. For example,...
NIST Releases CUI Compliance Bulletin
NIST July Bulletin NIST released its July bulletin summarizing assessing security requirements for Controlled Unclassified Information (CUI). Additionally, the DFAR require compliance by federal and nonfederal organizations who handle this...
Third Party WordPress Themes Still Contain Malware
A cWatch blog in June 2018 revealed that third-party WordPress Themes with from WordPress.org still contain malware which can cause your server IP to be blacklisted, site front page to be blank or the site to be broken when attempted to delete the files. It also...
Threat Management and Cybersecurity Insurance Can Reduce Small Business Risk
Threat Management and Cybersecurity Insurance Can Reduce Small Business Risk Duffy Compliance Services is always searching for good content that supports small business clients. Check out this great post by Angela Gleason from the American Insurance Assn....
Free Preliminary Assessment!
For a limited time, we are providing a hacker's preliminary view of your environment, also known as an assessment. This is a no obligation view of your organization designed to show you what a hacker will discover about your organization before they even start to...
Government investigation finds federal agencies failing at cybersecurity basics
Devin Coldewey from TechCrunch provides insight into Governments cybersecurity capabilities and preparedness: Devin Coldewey@techcrunch / 5/30/2018 Comment The Office of Management and Budget reports that the federal government is a shambles — cybersecurity-wise,...
