May is Free: Get Your CMMC Free Readiness Assessment

 

For the entire month of May, CyberOne is offering a free readiness assessment for CMMC Certification. The Assessment is compatible with the 800-171 Assessment required by the SPRS. Click on the link below and put CMMC in the message field. We will respond with your assessment:

FREE CMMC Assessment

Fully Guided CMMC Implementation and Certification – no need for costly consultants:

CyberOne’s full suite GRC platform enables you to complete every step of the CMMC Certification process. We provide you all the tools and information you need to achieve and maintain certification on CyberOne’s highly automated, modern SaaS platform. Before you engage an MSP or consultant, check out what we can do for you. Request a demo today.

  • NIST 800-171 Control Self Assessment, SSP (get it for free here)
  • Policy Development Support
  • CMMC Control development and implementation guidance (level 1-3)
  • Automated Evidence Collection and review
  • Mitigation and Issue Management for POA&M’s, Findings and Risk Environment
  • Risk Register for proactive risk management
  • Vulnerability Scans & Analysis
  • Our Auditor-ready platform can be used in collaboration with C3PAO’s for Certification
  • Contact with C3PAO’s ready to certify you with CyberOne special pricing

 

The bridge to CMMC Certification

 

Have you completed and submitted your CMMC required 800-171 Control Self Assessment and SSP to the SPRS?

 

Federal contractor or subcontractor? Are you currently exploring, or getting lost among the CMMC Certification landscape?

 

Today, we provide a step-by-step guide and an affordable solution for each step in the process.

 

Hear here from our CEO, Lily Yeoh, on best practices for achieving and fast-tracking CMMC Certification

 

Who’s (Whose?) on CMMC First?

Let’s begin with the landscape. Who requires and who needs CMMC Certification? How do we get it? How do we maintain it? How do we build a budget for it? What is the CMMC required NIST 800-171 Control Self Assessment and SSP for SPRS?

Who’s asking? Not only DoD Contracts…

It started with the DoD, but, like a virus (!), it quickly grew. Earlier in 2020, the Department of Homeland Security (DHS) was already including CMMC in its contract process. GSA is the latest to introduce CMMC language into its contract process. GSA notes it reserves the right to require CMMC in its contracts, based upon the contract and security needs. Read more about GSA and CMMC here

Who responds? Prime and Subcontractors, and so on…

DIB’s and all subcontractors are required to be CMMC certified. This also includes the completion of the NIST 800-171 Self Assessment and a Control Mapped SSP. These must be submitted (with score) and displayed in the SPRS (Supplier Performance Risk System). “Quick tip”: It’s pronounced “Spurs” in the industry!  The more you know…

What do we do now?

CyberOne’s full suite GRC platform enables you to complete every step of the CMMC Certification process. We provide you all the tools and information you need to achieve and maintain certification on CyberOne’s highly automated, modern SaaS platform. Before you engage an MSP or consultant, check out what we can do for you. Request a demo today.

  • NIST 800-171 Control Self Assessment, SSP (see more below)
  • Policy Development Support
  • CMMC Control development and implementation guidance (level 1-3)
  • Automated Evidence Collection and review
  • Mitigation and Issue Management for POA&M’s, Findings and Risk Environment
  • Risk Register for proactive risk management
  • Vulnerability Scans & Analysis
  • Auditor-ready platform that can be used in collaboration with C3PAO’s for Certification

NIST 800-171 Control Self Assessment

Required as a starting point for all Primes and Subcontractors. Start with our fully automated CMMC required NIST 800-171 Control Self Assessment, risk score, and controls mapped to your SSP, report-ready for submission to the SPRS, on CyberOne’s platform. Add your subcontractors for assessment, starting at only $350 per assessment. Your assessment is mapped to CMMC controls in CyberOne so you can begin CMMC readiness as soon as the assessment has been completed.

CMMC Certification and More

The key to successful compliance, and the challenge, for most enterprises, is the maintenance and effective, ongoing, implementation of controls, often across multiple frameworks. We call this continuous monitoring.

On the CyberOne platform, we will provide you with control implementation guidance, policy templates, and sample evidence checklists to easily build your CMMC controls. We also provide access to our global obligations library and crosswalks. CyberOne offers more than 100 global regulations and standards, crosswalked to show related requirements in multiple standards. Crosswalks enable you to comply with multiple security and privacy frameworks with minimal control sets.

Control Automation with CyberOne

We will guide your internal control and policy development, as well as provide gap analyses and recommendations for strengthening controls and policies. It’s all part of the CyberOne offering. CMMC, SOC2, ISO 27001 are all within comfortable reach on CyberOne’s extensible platform. 

CMMC now appearing government-wide

 

Get CMMC Level 1 Certification guaranteed for $5,000

Breaking news! New Department of Defense contractor cybersecurity standards have appeared in a government-wide federal contract. This is before language around the new program has officially landed in defense contracts. The Cybersecurity Maturity Model Certification (CMMC) was included in the General Services Administration’s $50 billion STARS III contract, posted earlier this week.

CMMC is the new cybersecurity certification standard to be implemented into all DOD contracts over the next five years. All contractors require a minimum of Level 1 certification.

 

 

Contact CyberOne for more information on CMMC and Certification options

 

 

10 “more” security tips for working from home

Just recently, I had a conversation with a friend who works for the U.S. Navy. She is overwhelmed with work as she teleworks from home because of Covid-19. Her profession can easily be switched to telework, whereas other coworkers’ can’t, but that is no reason effective guidance cannot be provided. Here is what she had to say…

With the outbreak of Covid-19, we are dealing with an unforeseen occurrence, a black swan event. As a cyber professional, I hope organizations have a Continuity of Operations Plan (COOP) to initiate along with their Standard Operating Procedures (SOP). Many do have such plans, but for others, it is abundantly clear guidance is missing. It is not simply about “putting” the language into a document, “checking” the boxes, and copying off SANS Institute’s website. You need an EFFECTIVE plan that can be INITIATED, UNDERSTOOD and FOLLOWED by others.

My 10 Step Program

INFRASTRUCTURE IN PLACE:

Ensure internet connections work. Test your communication portals like Zoom, Skype, etc. Review security and privacy protocols, especially if you have roommates. Just because you are home does not mean you can be relaxed with security protocols. Consistency ensures efficiency.

INVENTORY: Your organization should ensure you have access to the type of equipment you need to work remotely. You may need to take note of what you have access to, communicate this effectively with management, and make requests for items you do not have.

CLOUD-BASED CAPABILITIES: To ensure feasibility to the Internet, file-sharing, e-mail and unified communications via mobile applications, chat, etc., the right cloud-based tools need to be available. Check them.

INDIVIDUAL COMMITMENT:

As an employee, before reading up on any guides or joining a Team chat, make a commitment to yourself. This means planning, such as ensuring you cleared a space for yourself, no matter how small. Try to create a home office space, even at the kitchen table. This is your spot. Own it.

STAY ORGANIZED: Create a personal “to-do list” each morning. Keep track of the time required (i.e. 8 hrs.). Consider creating your own timecard where you note hours spent on each ticket item. Ensure you have breaks and embrace the flexibility of working from home. But, at the end of the day, ensure you meet your objectives.

WORK FLEXIBILITY: With being remote, you have flexibility with your start time and end time. Ideally, if doing 8 hours, you should commit to those hours. However, even I will scatter my time throughout the day or make it up on another day. It is all too easy to work during dinner, and before bed.

*Side note: I personally created my own classical music list off Spotify to ensure no distractions. I’m like a squirrel and can get excited about shiny objects, so my music keeps me on track and closed off to distractions.

COMMUNICATION:

Hopefully, your company has provided you with the right material to work remotely. If not, no worries! Be accountable to yourself. You can ensure the chain of communication works. Some workers feel isolated, so it is important for your organization to maintain some sort of social contact with other employees. I suggest, if you have Office 365 or Zoom, to initiate a weekly Scrum Call at the beginning of the week and end. If this is not in place… be a star and create one or suggest it to management.

DELEGATE: Embrace delegating. I’ve often come across employees who struggle with this.

OVER-COMMUNICATE: Document everything to ensure colleagues are informed and information does not get lost through digital mail. I also create a Weekly Status Update or WSR (can download templates online) for my weekly meetings. I am amazed how organization and accountability and simple note taking can easily impress people.

PROFESSIONAL DEVELOPMENT AND ADVANCEMENT:

Take some time for you! Depending on how long you will be teleworking, being closed off can feel like you have fewer opportunities for training and professional development. With Covid-19, I personally think this is a great time for training! This challenge can easily be alleviated by communication between the supervisor and the employee, as well as effective performance monitoring on the part of the supervisor.