March 2025 Totem Tech Newsletter -- What the heck is device authentication?
An AI generated image of two dogs guarding a gate, as a figurative representation of device authentication.


All federal government contractors handle Federal Contract Information (FCI) in some form or another. It's important to note that FCI is not just handled by large tier 1 prime contractors, but by businesses all down the supply chain, including small business suppliers and vendors. Businesses that handle FCI are required by the FAR 52.204-21 contract clause to implement some basic cybersecurity safeguards to protect that FCI. (The lone exception for this clause is for Commercial Off The Shelf (COTS) item suppliers.) When a business uses networked Information Technology (IT) assets – such as workstations, servers, mobile devices, routers, and Wi-Fi access points – to handle FCI, the business must apply some of those safeguards to those devices. One of these safeguards requires “device authentication.” Those of us in the DoD supply chain will need to assess our implementation of device authentication as part of the Cybersecurity Maturity Model Certification (CMMC). However, device authentication can be a confusing topic for small businesses, so in our latest post we describe what it is, why it is important, and a couple of ways to implement it.


CMMC Phase-in Timeline

The CMMC framework rule is now being fully realized: several organizations have now achieved CMMC Level 2 certification.

Note that there is a second rule in the works -- which won't be finalized until sometime in 2025 -- that allows the DoD to contractually obligate its supply chain to adhere to the CMMC framework. Importantly, a memo from the DoD indicates that once Phase II kicks in, contractors that handle Covered Defense Information -- i.e. CUI of a technical, facility, nuclear, or safety investigation nature -- must obtain a certification (C3PAO assessment) under the CMMC framework. This memo is consistent with the CMMC framework rule, which indicates that 95% of DoD contractors that handle CUI will need a CMMC Level 2 certification.

The current timeline for CMMC implementation is depicted below. The purple blue bar on the timeline indicates how long it takes on average for a small business starting from scratch to implement the NIST 800-171 standard, which is associated with CMMC Level 2. The green bar indicates how long it typically takes for CMMC Level 1.


A timeline graphic depicting the contractual phasing in of the CMMC clause. ©2025 Totem Technologies

CMMC Level 1 Facilitator certification program

Totem Technologies and Govology are excited that we will soon be able to announce our first cadre of certified CMMC Level 1 Facilitators. These individuals have been through our CMMC Level 1 Readiness Workshop and passed a written and oral exam under our certification and resource licensing program. Stay tuned for the official announcement!

As a certified CMMC Level 1 Facilitator, you'll be able to effectively interpret the CMMC Level 1 (FAR 52.204-21) safeguards to your clients, lead them through gap assessments, and help them plan implementation. You'll have access to all our CMMC-related tools and resources, including a branded Learning Management System (LMS), Workshop materials, and a subscription to our Cybersecurity Compliance Management tool.

Persons associated with the following organizations are eligible for this certification:

  • APEX Accelerator counselors,
  • Manufacturing Extension Partnership (MEP) advisors,
  • National Contract Management Association (NCMA) professionals,
  • Small Business Development Center (SBDC) advisors,
  • Other non-profit business support centers, and
  • Prime Contractor supply chain managers

You can find out more here.


CMMC Level 1 compliance package

Totem Technologies offers a comprehensive CMMC Level 1 compliance package. By subscribing to this package, small business government contractors can establish a secure environment in which their users can handle Federal Contract Information (FCI) on mobile devices and workstations. Our approach ensures adherence to FAR 52.204-21 and CMMC Level 1 reporting requirements.

The package includes the following, for up to 10 users:

  • Endpoint container / protection / scanning
  • Totem Cybersecurity Compliance Management (CCM) tool subscription with custom CMMC Level 1 security plan and assessment results
  • Annual CMMC Level 1 assessment, reporting, and affirmation support session
  • Annual administrator and staff user training

Pricing can be found here. Contact us for more information.


Totem's Trusted Partner Program

Totem Tech's Trusted Partners receive a flat 30% discount off all our Eligible Products. As a partner, Managed Service Providers (MSP) can pass through deep discounts on Totem's suite of CMMC-related tools, such as our Totem CCM.

By joining Totem’s TPP as a trusted MSP partner, your company will align with a team of CMMC-oriented organizations dedicated to delivering the highest standard of support to DIB clients across the country. You can apply for the Partner program on our partner page.


Q2 2025 CMMC Readiness Workshops

There are only a few seats left in our Q2 2025 CMMC Readiness Workshops, which begin 7 April 2025. We anticipate a full house as the CMMC contracts rule nears finalization, so don't delay your registration!

In the Workshops you'll learn how to build a compliant cybersecurity program and prepare for the forthcoming CMMC assessments. 300+ organizations have participated in our Workshops, after which they are cybersecurity "DIB Ready". Save 5% during the month of March by using code "CMMC5" at checkout!

Learn more here >>

Attention APEX Accelerator counselors, MEP account managers, SBDC advisors, and Prime contractor supply chain managers: we also offer significant discounts to our partners that have several client companies ready to participate in a dedicated Workshop cohort. Find out more here. We also offer free CMMC Level 1 versions of our Totem Cybersecurity Compliance Management software for your organization. Contact us for free access!


Upcoming Totem Tech appearances

We are always honored to be invited to present or exhibit for our peer small business DoD contractors on DFARS / NIST / CMMC compliance. We're happy to do free one-hour presentations for MEPs, APEX Accelerators, and other national trade organizations. If you're interested in a free webinar on Government contractor cybersecurity requirements, contact us!

Here's a list of our upcoming events, with sign up links where available. Come join us!

  • CMMC Small Business Level of Effort. Webinar hosted by IHCC APEX Accelerator. Wednesday 26 March, 12 PM Eastern. Registration link forthcoming.
  • CMMC Breakout Session. In-person at the Tribal Edge Summit, Washington DC. Friday April 25, 9 AM Eastern.
  • How to perform and report CMMC L1 self-assessment. In-person presentation at NAPEX Chicago. Tuesday 6 May, 3:30 PM Central.
  • CMMC Presentation. In-person at the Maine / NH APEX Accelerator Meet the Buyers Matchmaking event. Thursday 15 May.
  • Government Contractor Cybersecurity 1/2 day Workshop. In-person at the TechConnect World conference, Austin, TX. Wednesday 11 June.
  • CMMC Small Business Level of Effort. Webinar hosted by UAH APEX Accelerator. Wednesday 25 June, 11 AM Eastern. Registration link forthcoming.


Join our free monthly live Town Halls!

Last Thursday of each month

The best way for small business DoD contractors to ask our experts and your peers CMMC-related questions is to join our FREE monthly Town Halls.

  • Free to our subscribers/clients
  • Extended Q&A session

Sign Up Here >>


SBIR Corner

Presented by our friends at BBC Entrepreneurial Training & Consulting

Each month, we'll work with our partners at BBCetc to highlight the latest DoD Small Business Innovation Research (SBIR) opportunities and information. Check out BBCetc's readiness assessment form as a no-cost way to get started with SBIR. Also, consider signing up for their monthly newsletter. This month's newsletter listed several tips for how to understand and adapt to how recent administration policy changes may affect SBIR/STTR programs. Other DoD SBIR items include:

  • Army SBIR xTechPacific 2025 Competition: call for concept white papers and technology demonstration videos. Submission dates: open for submission Mar 5 - Apr 2, 2025. https://www.xtech.army.mil/competition/xtechpacific-2025/ Up to twelve (12) finalists will receive a cash prize of $20,000 each and an invitation to participate in a live experimentation event with a panel of Army and DoD subject matter experts (SMEs) in Fall 2025. Final winners of the competition with technologies that demonstrate sufficient maturity for direct prototype development will have the opportunity to submit a D2PhII Army SBIR proposal worth up to $2 million!
  • DOD SBIR 25.2 / STTR 25.B. Pre-Release: 4/2/25. Open: 4/23/25. Proposals due: 5/21/25. Details here.

Department of Energy (DoE) SBIR applicants may want to check out Totem's Knowledge Base post on the DoE requiring SBIR Phase II applicants to fill out and submit a Cybersecurity Performance Goals (CPG) checklist, which CISA bases on the NIST Cybersecurity Framework (CSF). Contact Totem Tech if you need help responding to the CPG request.

