CMMC Solutions

And you wonder how long will it take to get ready so you can take the CMMC certification for your Machining and Engineering systems? With CMMC around the corner, how long will it take your company to get ready for the certification process? Well, you must consider the following, each of which increase your timeline into 2025: 1. Besides Office 365 applications, you use other applications, such as CAD. 2. Your firm has CnC machines utilized in your manufacturing process. 3. You develop your own applications and/or business processes. 4. You don’t know if your subs are certified. 5. You share CUI with other companies. 6. You print CUI. Reach out and I can assist you on your path... Remember, there many CMMC RP and other assessment companies in the market. If you want some advice, just reach out. I look at your company on the long-term haul, not just to get you certified and bye. As I have stated in other postings, there are "Wise" people, "A"mira people and o"k"ay kyle and kelly people that can assist too. What a great CMMC community we have! Thanks to Fernando, Stuart, Terry, Chris, Steve, Ozzie, Jeremy, Beth, Robert!!! #cmmc #defensecontractors #cybersecurity #DoD

So CMMC timeline keeps ticking... On August 7, 2024, the Office of Information and Regulatory Affairs (OIRA) concluded its review of the 48 CFR proposed CMMC rule. Are you ready??? #CMMC #defensecontractors #cybersecurity #dod

I have created quite of bit of risk analysis for many verticals. I have spent years with banks, govt agencies (DoD), insurance companies, etc to help them establish risk basis for various factions. You "REALLY" have to know the business to do risk analysis, but without risk knowledge, you can't help the business. With CMMC, my background with manufacturing, software development, project management, etc, my risk analysis is always a two-way street. Meaning that the business has to want to see their risk to help you assign the risk. For CMMC that means SP 800-161 comes into play... Supply Chain Risk Management. The guidance has for "Systems" and "Companies", which means the products and services a company provides with the associated systems are in-scope for the risk analysis. This is a true integration, Cybersecurity's implementation plans, policies, plans and the associated Risk Assessments. Have you applied your risk yet??? #DOD #CMMC #defense #defensecontractor

Look at the AI article... see how defense is impacted with AI. AI, put at the right use, can be resourceful and bountiful!!! #cmmc #defense #cybersecurity

Advanced Digital Health Boosting Experiences

Well, here we are in CMMC land where activity is picking up, but many contractors are still sitting on the sideline... "Waiting, waiting, waiting...". I truly feel sorry for the contractors, because they have had a rough road. They do not trust the CMMC marketplace saying... "Now, now, now...". CMMC was supposed to be out 2022/2023, but now it is 2025! In a phased roll out... The problem with the phased roll out is that if you want to bid on any contract or be a sub, you will have to be certified. So much for a phased roll out. I have a unique approach that saved millions for a prime and thousands for small contractors. I am speaking at the Cyber week at University of Maryland/Baltimore - Wednesday the Cyber Trust Mark Day.

Impacting half of all billing for 900,000 physicians, 33,000 pharmacies, 5,500 hospitals and 600 laboratories. How many years will it take to pass cybersecurity laws like "HIPAA"? #himss24 It has taken the Department of Defense 5 years already to build the roadmap to protect the Defense Industrial Base, and it's still not law. Hopefully the "Bipartisan Infrastructure Deal" has funding to improve the cybersecurity of our critical infrastructure.

In auditing and assessing the most important and least focused on is "Attestation", especially with DoD's CMMC expectation in the Rulemaking process for continued security posture for the OSC. Definition: an attestation service or engagement is the process of engaging an auditor/assessor to provide assurance or attestation audits over services such as: examinations, reviews, or agreed-upon procedure reports.?These services can be used to gain assurance over the following subject matters: agreed-upon procedures, security statements, compliance, Management Discussion and Analysis (MD&A), and service organization. Security personnel parade with the banner, "Continuous Monitoring"! But... that is only half the battle. On Cyber Day at a top 5 prime, their new Continuous Monitoring program was unveiled. I was up next and presented Continuous Compliance. Upon conclusion of my presentation, the lead of the Continuous Monitoring piped up and said, "That is exactly what we need!". And that is what I provided the prime, ongoing Attestation. So ongoing attestation, or as I like to call it, Continuous Compliance, is so easy to design and implement. Plus, it satisfies the newly proposed CMMC rulemaking that focuses on the continued security posture by the OSC. Continuous Compliance should be in every company's security benchmark. Whether CMMC, HiTrust, GLBA or other regulatory environment, having a Continuous Compliant business environment saves money, saves time and maintains your business compliancy. You will never have to worry again about another audit, assessment or certification. This is a standard that I teach my students at my university's CMMC course for the past four years. This is a standard that I have invoked with CMMC FastTrack. This is a standard that I include with all of my assessments from Day 1 on-site. #cmmc #cyberdefense #cmmcsolutions #defensecontractors #dod #informationsecurity #aerospacemanufacturing #aerospace