Press Release: Duffy Compliance Services Launches CUI-SafeHarbor, a Secure Virtual Environment
New Market, Maryland, May 17, 2021 – Duffy Compliance Services, a provider of cybersecurity consulting and compliance services is the first U.S.-based compliance service provider to offer a CMMC Level 3 compliant-ready environment. For small businesses who are...
Potential changes from upcoming Biden executive order
In the coming weeks* we could see a new executive order from the Biden Administration that will likely address new regulatory requirements for software development standards. These changes in software standards could potentially change in the way the government...
Introducing CUI-SafeHarbor
As CEO of Duffy Compliance, I have learned a lot about the needs of small businesses. As a small business owner myself, I know it can be hard to find vendors and service providers who really understand the needs of small businesses or who actually take the time to...
The difference between vulnerability scanners and penetration testing
Besides regulatory compliance, two cybersecurity services Duffy Compliance has been known for are penetration testing and vulnerability assessments. At first glance, pen testing and vulnerability assessments may appear to mean the same thing. Often this question comes...
Security Awareness Training – not a checkbox
While I've written about security awareness training in the past, I'm revisiting it today because it never gets old. Training isn't just something you did to check off a box; it's something you do... continually. With the cyber attackers constantly refining their...
Press Release: Duffy Compliance Services has been approved by the CMMC Accreditation Body as a Certified 3rd Party Assessor Organization (C3PAO)
New Market, Maryland, February 8, 2021 – Duffy Compliance Services, a provider of cybersecurity consulting and compliance services is now approved as a candidate Certified 3rd Party Assessor Organization (C3PAO) by the CMMC Accreditation Body. The CMMC Accreditation...
What is CSF, and do you need it?
Over here at Duffy Compliance, we are all things security. But that doesn't necessarily mean that you know many of the terms (or alphabet soup) that we throw around. One term that has come up recently from some of our clients is "CSF," formally known as NIST's...
Are you prepared to self-assess?
Last month, I talked about the interim rule for CMMC and that as of November 30, 2020, contracting officers will check the Supplier Performance Risk System (SPRS) database to confirm that a contracting agency has an active SPRS Assessment prior to the award of a new...
The interim rule for CMMC
For all of 2020, there has been a frenzy over migrating from CUI to CMMC. As a matter of fact, Duffy Compliance Services has even been registered to become a C3PAO (Certified 3rd-Party Assessment Organization) for CMMC. The intention was that CMMC would be in place...