Have you considered an enclave solution?
Dedicated enclave solutions are popping up in the form of Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). In both cases, someone else builds, manages, and monitors a cloud-based environment, in some cases, one that was designed to meet regulatory...
Ransomware… are you at risk?
Another day, another ransomware attack, each one seeming bigger and bolder than the last. You may be thinking that you do not have anything to worry about because you are just a small company who does not have any secret data. Besides, your staff does not go to shady...
What exactly is a CMMC .997 plan and why might you need it?
A note from the president of Duffy Compliance, Shawn Duffy As the Cybersecurity Maturity Model Certification (CMMC) process continues to roll out, and businesses learn what is involved in all five levels, some requirements will look familiar, and some will not. At...
Potential changes from upcoming Biden executive order
In the coming weeks* we could see a new executive order from the Biden Administration that will likely address new regulatory requirements for software development standards. These changes in software standards could potentially change in the way the government...
The difference between vulnerability scanners and penetration testing
Besides regulatory compliance, two cybersecurity services Duffy Compliance has been known for are penetration testing and vulnerability assessments. At first glance, pen testing and vulnerability assessments may appear to mean the same thing. Often this question comes...
Security Awareness Training – not a checkbox
While I've written about security awareness training in the past, I'm revisiting it today because it never gets old. Training isn't just something you did to check off a box; it's something you do... continually. With the cyber attackers constantly refining their...
Press Release: Duffy Compliance Services has been approved by the CMMC Accreditation Body as a candidate Certified 3rd Party Assessor Organization (C3PAO)
New Market, Maryland, February 8, 2021 – Duffy Compliance Services, a provider of cybersecurity consulting and compliance services is now approved as a candidate Certified 3rd Party Assessor Organization (C3PAO) by the CMMC Accreditation Body. The CMMC Accreditation...
What is CSF, and do you need it?
Over here at Duffy Compliance, we are all things security. But that doesn't necessarily mean that you know many of the terms (or alphabet soup) that we throw around. One term that has come up recently from some of our clients is "CSF," formally known as NIST's...
Are you prepared to self-assess?
Last month, I talked about the interim rule for CMMC and that as of November 30, 2020, contracting officers will check the Supplier Performance Risk System (SPRS) database to confirm that a contracting agency has an active SPRS Assessment prior to the award of a new...