The difference between vulnerability scanners and penetration testing
Besides regulatory compliance, two cybersecurity services Duffy Compliance has been known for are penetration testing and vulnerability assessments. At first glance, pen testing and vulnerability assessments may appear to mean the same thing. Often this question...
Security Awareness Training – not a checkbox
While I've written about security awareness training in the past, I'm revisiting it today because it never gets old. Training isn't just something you did to check off a box; it's something you do... continually. With the cyber attackers constantly refining their...
Press Release: Duffy Compliance Services has been approved by the CMMC Accreditation Body as a Certified 3rd Party Assessor Organization (C3PAO)
New Market, Maryland, February 8, 2021 – Duffy Compliance Services, a provider of cybersecurity consulting and compliance services is now approved as a Certified 3rd Party Assessor Organization (C3PAO) by the CMMC Accreditation Body. The CMMC Accreditation Body is...
What is CSF, and do you need it?
Over here at Duffy Compliance, we are all things security. But that doesn't necessarily mean that you know many of the terms (or alphabet soup) that we throw around. One term that has come up recently from some of our clients is "CSF," formally known as NIST's...
Are you prepared to self-assess?
Last month, I talked about the interim rule for CMMC and that as of November 30, 2020, contracting officers will check the Supplier Performance Risk System (SPRS) database to confirm that a contracting agency has an active SPRS Assessment prior to the award of a...
The interim rule for CMMC
For all of 2020, there has been a frenzy over migrating from CUI to CMMC. As a matter of fact, Duffy Compliance Services has even been registered to become a C3PAO (Certified 3rd-Party Assessment Organization) for CMMC. The intention was that CMMC would be in place...
NIST publishes newest update
NIST just published their newest update to the security control baselines in the 800 series. If you weren't aware, this is really key to the NIST family. The interesting thing is that they've merged a lot of these controls together from 800-53 and its various...
Can ISO benefit your organization?
The compliance world is full of different regulations such as ISO, CMMC, HIPAA, FISMA.... You might ask how anyone navigates through government regulations. However, a more valuable question would be… could any of these regulations actually benefit your...
Security Awareness Training – Can you pass a phishing test?
Duffy Compliance Services is all about compliance, of course, and one part of that compliance is Security Awareness Training. However, I don't see Security Awareness Training as simply checking off a box for compliance requirements and moving onto the next. The...
CMMC – Win and retain government contracts
Under the new CMMC mandate by the US Department of Defense (DoD), all contractors within the DoD supply chain must be CMMC certified. Failure to achieve and maintain CMMC certification will impact your organization’s ability to work on future contracts and may...