June 2024 Totem Tech Newsletter -- Supply Chain Risk Management Planning
SCRM figuratively depicted as a flaming metal chain dowsed in water ©2024 Totem Technologies

Federal government contractors that handle Controlled Unclassified Information (CUI) must implement the National Institute of Standards and Technology (NIST) cybersecurity standard 800-171. In May 2024, NIST released revision 3 of that standard, which includes a new “family” of safeguards for CUI called “Supply Chain Risk Management”. One of the safeguards requires contractors to develop, maintain, and protect a Supply Chain Risk Management Plan. In our latest post we explore the NIST Supply Chain Risk Management (SCRM) requirements and provide an overview of how small businesses can perform SCRM. You can download a Supply Chain Risk Management Plan template at the end of the post.


Totem launches Single-User ZCaaS

Totem Tech is now offering our Zero Client as a Service (ZCaaS) secure CUI enclave for the smallest of micro businesses. With Single-User ZCaaS, you'll get all the features of ZCaaS, including unlimited one-time file sharing through our SafeShare. We'll also put together a POA&M for you so you can work on the compliance items ZCaaS doesn't handle, such as your Incident Response Plan. All for a low monthly fee. So if you'd like to take advantage of the simplicity and cost savings of entirely cloud-based and CMMC-ready enclaves, contact Totem Tech and we can get ZCaaS up and running for you in minutes.


NIST has released final revision 3 of 800-171 and -171A

NIST has released the final cut of 800-171 revision 3 ("rev 3" or "r3"), as well as the final version of the 800-171Ar3 Assessment Objectives. We'll be doing a deeper dive analysis of rev 3 in the coming weeks, but for now, our previous analysis of the final public draft (fpd) of rev 3 pretty much covers rev 3 final, as not a whole lot changed between fpd and final.

However, we have had several clients reach out asking how to find the FAR 52.204-21 requirements in 800-171r3. We used to call these the "FAR 17", because in rev 2 of 800-171 (the rev DoD contractors are worried about for the time being, BTW) the FAR 52.204-21 was represented by 17 controls. In rev 3, however, the FAR clauses are represented by only 14 controls, as shown in the image below. Finding the FAR 52.204-21 in rev 3 is not too tricky, but it is definitely not as cut-and-dried as in rev 2.

FAR 52.204-21 mapped to NIST 800-171 ©2024 Totem Technologies

Totem's Trusted Partner Program

Totem has made our Trusted Partner Program (TPP) even simpler. We now offer all Trusted Partners a flat 30% discount off all our Eligible Products, so Managed Service Provider (MSP) Partners can pass through even deeper discounts to their customers.

As a partner, you can offer a suite of Totem's CMMC-related tools, such as our ZCaaS CUI Enclave and our Totem CCM.

By joining Totem’s TPP as a trusted MSP partner, your company will align with a team of CMMC-oriented organizations dedicated to delivering the highest standard of support to DIB clients across the country. You can apply for the Partner program on our partner page.


Q3 2024 CMMC Readiness Workshops

June is the last month to save on our Q3 2024 CMMC Level 1 and CMMC Level 2 Readiness Workshops, which kick off in July. We'd love for you or your clients to join us and learn how to build a compliant cybersecurity program and prepare for the forthcoming CMMC assessments. 200+ companies have participated in our Workshops, after which they are cybersecurity "DIB Ready". Save 5% during the month of June by using code "CMMC5" at checkout!

Attention Apex Accelerator counselors, MEP account managers, SBDC advisors, and Prime contractor supply chain managers: we also offer significant discounts to our partners that have several client companies ready to participate in a dedicated Workshop cohort. Find out more here. We also offer free CMMC Level 1 versions of our Cybersecurity Compliance Management software for your organization. Contact us for free access!


Upcoming Totem Tech appearances

We are always honored to be invited to present or exhibit for our peer small business DoD contractors on DFARS / NIST / CMMC compliance. We're happy to do free one-hour presentations for MEPs, Apex Accelerators, and other national trade organizations. If you're interested in a free webinar on Government contractor cybersecurity requirements, contact us!

Here's a list of our upcoming events, with sign up links where available. Come join us!

  • DoD Cybersecurity Compliance for Contractors. Adam Austin, live workshop at Tech Connect World. National Harbor, MD, 19 June.
  • CMMC Overview. Adam Austin, live webinar with Northwest Native APEX Accelerator. 18 July. (Link TBA)
  • CMMC Level 1 in Layperson's Terms. Adam Austin, live webinar with UTSA APEX Accelerator. 11 September. (Link TBA)
  • OK APEX Accelerator ICBS Show. Totem Tech and GladiusIT co-booth and CMMC presentation. Oklahoma City, OK, 7-9 October.


Join our free monthly live Town Halls!

Last Thursday of each month

Join our cybersecurity experts and other small business DoD contracting peers for a discussion of the latest on DFARS, NIST, and CMMC.

  • Free to our subscribers/clients
  • Extended Q&A session


SBIR Corner

Presented by our friends at BBC Entrepreneurial Training & Consulting

Each month, we'll work with our partners at BBCetc to highlight the latest DoD Small Business Innovation Research (SBIR) opportunities and information. Check out BBCetc's readiness assessment form as a no-cost way to get started with SBIR. Also, consider signing up for their monthly newsletter.

Department of Energy (DoE) SBIR applicants may want to check out Totem's Knowledge Base post on the DoE requiring SBIR Phase II applicants to fill out and submit a Cybersecurity Performance Goals (CPG) checklist, which CISA bases on the NIST Cybersecurity Framework (CSF). Contact Totem Tech if you need help responding to the CPG request.

