IntelliGRC

??Webinar Alert?? Navigating the maze of cybersecurity strategies can be overwhelming, especially when your clients are already inundating you with to-dos.??? Imagine having the chance to learn directly from industry leaders on crafting a strategic framework to streamline your tools, processes, and procedures.?? Mark your calendar for this Thursday, March 20th, as Huntress hosts special guests, including our very own IntelliGRC Founder, Ozzie Saeed, for an insightful webinar on how to make a security framework that works for you. Discover how a thoughtful approach to cybersecurity can revolutionize your operations and elevate your client relationships. Don't miss out! Registration for ??"Community Fireside Chat | Security: Is it Luck or Framework?"?? in the comments. #Cybersecurity #Frameworks #Compliance

??? Exciting News! We're thrilled to announce the release of the first part of our podcast episode featuring Bridget Wilson, CISSP, CMMC RP from Network Coverage our new partner. Join Steven Molter, CISSP, CCP and Bridget as they touch on some of the most pressing issues facing the industry. In this episode, we delve into critical topics such as the Cybersecurity Maturity Model Certification (CMMC) and its implications for Managed Service Providers (MSPs) working with Defense Industrial Base (DIB) clients. We also explore the importance of empathy in business, learning from failures, and other essential Governance, Risk, and Compliance (GRC) topics. Don't miss out on Bridget's expert insights! The link to the episode is in the comments! Like, Share, and Comment your thoughts as well! #Partnerships #NetCov #IntelliGRC

?? Breaking News! IntelliGRC and Network Coverage have joined forces in an exciting strategic partnership.?? With IntelliGRC's cutting-edge platform now at their disposal, Network Coverage, a top player in managed IT and cybersecurity services, is set to deliver CMMC compliance to their clients. This dynamic alliance promises to revolutionize the way organizations achieve superior cybersecurity compliance.??

DYK??? MSPs typically provide critical security functions to an OSA. The role of the MSP is particularly relevant when they fall under the category of Security Protection Assets (SPA)???. According to CMMC Scoping Guidance, Security Protection Assets are explicitly part of the assessment scope!?? Throughout the rollout of CMMC 2.0, the compliance community has had endless questions about how MSPs fit in to the equation and how best to approach the topic of scoping with their services. While we can't answer every question on behalf of all C3PAOs and their interpretation of the topic, we can provide some guidance based on our experience from several CMMC JSVAs and Assessments so far, and from what we've found there's more ways that service providers can help their clients proactively.?? ??Take a look from the right angle at the relationship between MSPs and OSAs in our most recent article from Ozzie Saeed: "MSPs as SPAs to Support OSAs? Understanding the role of MSPs in CMMC Certification for their clients" Link in the comments.

DYK??? MSPs typically provide critical security functions to an OSA. The role of the MSP is particularly relevant when they fall under the category of Security Protection Assets (SPA)???. According to CMMC Scoping Guidance, Security Protection Assets are explicitly part of the assessment scope!?? Throughout the rollout of CMMC 2.0, the compliance community has had endless questions about how MSPs fit in to the equation and how best to approach the topic of scoping with their services. While we can't answer every question on behalf of all C3PAOs and their interpretation of the topic, we can provide some guidance based on our experience from several CMMC JSVAs and Assessments so far, and from what we've found there's more ways that service providers can help their clients proactively.?? ??Take a look from the right angle at the relationship between MSPs and OSAs in our most recent article from Ozzie Saeed: "MSPs as SPAs to Support OSAs? Understanding the role of MSPs in CMMC Certification for their clients" Link in the comments.

CUI-CON 2025 Is Live! The IntelliGRC team is down in Tampa??? showcasing the platform and engaging with industry leaders and peers. ??Already, we've made some great connections and demonstrated the awesome power of our intelligent solution for your GRC needs. Even if this is your first time hearing about us or learning about CMMC, ask our team about our CMMC Assessment experiences and our strategies on how to address ESPs. If you're currently attending, you can meet Kyle McCarthy, Steven Molter, CISSP, CCP and Roberto J. Quinones at Table 5. Ask them the tough questions and the questions you don't think anyone else can answer, these guys are the real experts!??

CUI CON is fast approaching! In a few days Kyle McCarthy, and Steven Molter, CISSP, CCP will be in Tampa to share crucial insights around CMMC implementation and how IntelliGRC is pushing the bounds of GRC solutions. Are you an MSP looking to implement CMMC internally, or want to offer a robust compliance offering to your clients? Are you in charge of your company’s CMMC implementation and you need guidance? If you fit any of those descriptions, then it is critical that you come by Table 5 and talk to our team about how we can help put compliance in your corner! Thursday (2/27) – Friday (2/28) All day! P.S. - This event has sold out! If you aren't going to have the opportunity to go but still want to touch base with our team, drop us a line in the comments!

??The answer to the age-old question, "Can you take me higher?" has now been answered. IntelliGRC can in fact take you higher now that our MS Entra ID integration works with GCC High!?? Organizations that utilize ??Microsoft 365 Government Community Cloud High?? (GCC-High) environment can now send information directly to your tenant! This enables you to capture an accurate asset inventory, expedite boundary scoping, and make sure your environment is up-to-date. While not everyone needs a GCC-High license, even for CMMC 2.0, the determination falls on the type of data your contracts involve. GCC-High environments are secure enough to meet the requirements for handling CUI, CTI, and ITAR.?? IntelliGRC is committed to providing the best resources and capabilities for our customers. The addition of GCC-High is another milestone in the development of our robust integration’s platform. We have many more services we are working toward incorporating. Is there an integration you've been dying to see in a GRC tool? Do you want to know more about the GCC-High integration? ??Get in touch! Drop us a comment or send an email with GCC High in the subject line to [email protected] #cybersecurity #GCC #GCCHigh #CMMC

There are many MSP focused events, but few are quite like https://bit.ly/4jVQevR. With a plethora of resources and speakers discussing topics impacting our industry, Right of Boom continues to be a top-tier event for connecting platforms like IntelliGRC with organizations that need us the most. This year, Kyle McCarthy will be there to engage with community peers and learn more about how we can help solve the pain points MSPs face with cybersecurity compliance. We expect him to get a lot of questions about CMMC and how service providers can make compliance a part of their offerings. If you plan to attend and want to link up, drop a comment below! #rightofboom #CMMC #MSPs

?? Assessment prep advice! I've had a couple questions recently related to the 10-day re-evaluation and 180-day POA&M closeouts under the final rule. So, here's a quick reminder as to what the rule says and what it means for an organization that is getting assessed (OSC - organization seeking certification). ? 10-Day Re-evaluation Requirement Sources: ? The CMMC Assessment Process Section 2.15 ? The 32 CFR (CMMC Final Rule) §170.17(c)(2) According to the 32 CFR and the CAP, after your company goes through the assessment which results in NOT MET requirements, you have 10 days to fix any issues with your implementation of the control and prove it to the C3PAO with evidence as long as your fix to the implementation doesn't nullify or harm your implementation on another requirement that was considered MET. Additionally, this all has to be completed prior to the Assessment Findings Report being delivered and debriefed. This goes for ANY of the CMMC/800-171 requirements that were marked as NOT MET. ? POAM closeouts: Requirement Sources: ? The CMMC Assessment Process Section 3.5 ? The 32 CFR (CMMC Final Rule) §170.21 According to the 32 CFR, POA&Ms are allowed for 180-days while being granted a conditional certification status as long as the following conditions are met: 1. Your overall score from the assessment (Phase 2 of the CAP) must be 80% or higher (88 score based on the CMMC Assessment Methodology contained in the 32 CFR final rule.) 2. The NOT MET requirements to be POA&M'd are not greater than 1-point values from the Assessment Methodology. (There are also limitations and nuances on certain 1-pointers and a 3-pointer exception so reference §170.21 for more details.) I hope this is a helpful refresher for what to expect for upcoming CMMC Assessments! Happy implementing! #CMMC #DoD #C3PAO #IntelliGRC #CUI #DFARS #FAR #governance #cybersecurity #NIST800171