A Data-Centric Approach to Zero Trust for Public Sector

March 31, 2021 by Leave a comment

By Derek Giarratana, Supplier Manager

An organization’s data is its most important and valuable asset. This is especially true as organizations continue to move towards data-driven approaches to deliver on their missions and are more actively putting that data to work — and in remote locations no less. This means the need to protect data and maintain its accuracy and integrity is paramount.

In this series, we will explore each of these facets of data security and how it applies to IT challenges currently faced in the public sector. This first installment examines Zero Trust and how a data-centric approach addresses some of the hurdles with which public sector IT leaders struggle.

What is Zero Trust?

Aptly named, a Zero Trust approach assumes nothing internal or external to an organization’s perimeters can be trusted and should, therefore, require additional verification for access. The level of sophistication needed to meet the expectations and requirements of public sector data security lends itself to a Zero Trust model, which prompts data security experts to assess and manage data at the most granular level. With this approach in mind, data security experts are taking a fine-tooth comb to their data and paying close attention to their data management environment.

Read more of this post

Filed under Market Intelligence, Sales Tagged with , , , , ,

What is CMMC?

March 24, 2021 by Leave a comment

By Jeff Ellinport, Division Counsel

Although CMMC has been around for more than a year, it never hurts to review what it is and why those who sell into DOD and the rest of the federal government should care.

CMMC stands for Cybersecurity Maturity Model Certification and is a new certification process to measure a company’s ability to protect sensitive government data. It is a unified standard for implementing cybersecurity across the defense industrial base. CMMC is a way for DOD — and soon after, probably civilian agencies as well — to address intellectual property theft, cybercrime and national security threats of the type evidenced by the recent SolarWinds attack.

Once fully implemented, CMMC will be an acquisition foundation, required for almost every contractor transacting business with the U.S. government.

CMMC Maturity Levels

CMMC has five maturity levels, with basic cybersecurity hygiene at a Level 1 to very robust requirements at a Level 5. These certification levels reflect the maturity and reliability of a company’s cybersecurity infrastructure to safeguard sensitive government information on contractors’ information systems. The five levels build upon each other’s technical requirements such that each level requires compliance with the lower-level requirements and then implementation and documentation of additional processes employing more rigorous cybersecurity practices.

Read more of this post

Filed under CMMC, Contracting, Market Intelligence, Sales Tagged with ,

2020 Federal Contracts: A Busy Year for New Regulations and Initiatives

December 3, 2020 by Leave a comment

By Hollie Kapos, Corporate Counsel

With all that happened in 2020, it was easy to miss some of the new regulations and initiatives impacting government contractors. This blog summarizes the key updates immixGroup has been tracking that are particularly relevant to commercial item contracting.

January-Current

GSA MAS Consolidation. Twenty-four former GSA Schedules, each for different supplies and services, were consolidated into a single schedule. We started the year in Phase II of the GSA MAS Consolidation, which was the process of updating terms and conditions to reflect the new solicitation. Phase II was completed in July, with 99% of contractors signing the mass modification. Under Phase III, which began in August, multiple vendor contracts will be consolidated into single contracts. Read more of this post

Filed under CMMC, Contracting, Market Intelligence, Sales Tagged with , , , ,

CMMC Interim Rule Includes New Compliance Requirements

October 7, 2020 by Leave a comment

By Hollie Kapos, Corporate Counsel

You never know what surprises will pop up in the last few days of the government’s fiscal year, and this year there was a big one with the Interim Rule implementing DOD’s Cybersecurity Maturity Model Certification (CMMC).

The Interim Rule (“IR”), published on September 29, 2020 and effective as of November 30, 2020, adds the widely anticipated new DFARS clause for inclusion in DOD contracts implementing CMMC: 252.204-7021 (Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement). No surprise there.

But, the IR unexpectedly came with two additional clauses, DFARS 252.204-7019 (Notice of NIST SP 800-171 DOD Assessment Requirements) and DFARS 252.204-7020 (NIST SP 800-171 DOD Assessment Requirements), which require the immediate attention of federal contractors and their subs.  Read more of this post

Filed under CMMC, Contracting, Market Intelligence, Sales Tagged with , ,

CMMC – Will the COTS Exception Apply to Me?

September 10, 2020 by Leave a comment

By Jeff Ellinport, Division Counsel

CMMC, DOD’s Capability Maturity Model Certification, will require almost all government contractors doing business with the Department of Defense to be independently certified by a third party as meeting one of five cyber security standards. This requirement will apply to every link in the government’s supply chain – including OEMs, distributors and resellers.

To the relief of many contractors, DOD updated its CMMC FAQs a few months ago to provide this exception (the only one so far): CMMC certification will not be required for companies that only provide commercial off-the-shelf (COTS) items. 

Under NIST SP 800-161, COTS is defined as “Software and hardware that already exists and is available from commercial sources.” Under FAR 2.101, COTS means any item of supply, other than real property, that is: Read more of this post

Filed under CMMC, Contracting, Market Intelligence, Sales Tagged with , ,

Top Trending Technologies in DOD for 2020

April 24, 2020 by Leave a comment

By Toné Mason, DOD Senior Analyst

FY20 has truly been the year of technology acceleration within the Department of Defense. Our world has never been more capable technology-wise than it is today. The arrival of 5G and the new challenges brought on by a rapidly expanding remote workforce have catapulted the adoption of new and innovative technologies.

The DOD is at a point where they are looking to gain a better understanding of currently available technologies and applying them where it makes the most sense. Below are some of the key areas the DOD is focused on right now.

Data Integrity

Data integrity is one of the essential areas. As the need for transparency increases and desire to expand more into AI and machine learning, there has been more of a realization that DOD’s data is not consistent, not all data is being recorded and data is incomplete. Read more of this post

Filed under CMMC, Market Intelligence, Sales Tagged with , , , ,

If You Sell to DOD, Pay Attention to CMMC

February 6, 2020 by Leave a comment

By Troy Fortune, Vice President & General Manager

You’ve probably heard that the Department of Defense (DOD) recently released the official version 1.0 of its new Cybersecurity Maturity Model Certification (CMMC 1.0).

This is one of the hottest topics in government contracting right now and immixGroup is following developments very closely. And, it will affect everyone in our industry who sells to DOD – resellers, distributors and OEMs. 

As a quick refresher, this is a cybersecurity standard that all contractors must meet if they want to do business with DOD. As we’ve discussed before in a previous blog, the standards themselves are taken from existing ones. With CMMC 1.0, we now have more clarity on what the 5 levels of CMMC entail: Read more of this post

Filed under CMMC, Contracting, Market Intelligence, Sales Tagged with , , ,

Tips for Preparing for DOD’s New CMMC

December 18, 2019 by 3 Comments

By Hollie Kapos, Corporate Counsel

The Cybersecurity Maturity Model Certification (CMMC) has been one of the hottest topics in government contracting this year. In fact, one of my colleagues addressed the topic in a blog on DOD and CMMC just a few months ago.

And no wonder everyone’s talking about it – it applies to ALL companies doing business with DOD, including OEMs, distributors and resellers. Here’s some basic information to help you prepare no matter where you are in the supply chain.

What is CMMC?

Intellectual property theft and cybercrime cost the United States billions of dollars and threatens national security. In order to protect government information from theft and other malicious cyber activity, DOD is making cybersecurity an acquisition foundation. Accordingly, DOD is developing the Cybersecurity Maturity Model Certification – a certification process to measure a company’s ability to protect sensitive government data.

Read more of this post

Filed under CMMC, Market Intelligence, Sales Tagged with ,

New Security Requirements Coming to DOD Acquisition in 2020

August 7, 2019 by Leave a comment

Lloyd McCoy Jr.Cyber security network concept. Master key connect virtual networking graphic and blur laptop with flare light effectBy Lloyd McCoy, Market Intelligence Manager

Starting next summer, anyone selling IT to the Department of Defense will need to be certified by the Cybersecurity Maturity Model Certification (CMMC) in order to compete for contracts.

The CMMC is a set of security standards that will start appearing in RFIs in June 2020 and will apply to all defense acquisitions by September. The CMMCs will represent security maturity levels and will have five levels, each with their associated security controls and processes. Level 1 will likely be like what we consider basic hygiene, with Level 5 describing the very best in security practices. The level needed will depend on the contract and will be used to determine whether a vendor makes the cut. Details on what each of the levels contain are scant right now but expect more information in the coming months as the Department collects public feedback. Read more of this post

Filed under CMMC, Market Intelligence, Sales Tagged with , ,

%d bloggers like this: