Totem Technologies Newsletter -- November 2023
What the heck is: Vulnerability Management in CMMC?
Microsoft.
When you read this word, what goes through your mind? ?Is it joy? Perhaps frustration? Maybe it’s robust features like Azure. ?What about Azure Virtual Desktop (AVD); the very thing Totem’s ZCaaS? CUI enclave is built on? ?Of all the options the latest game of computer word association has generated, we would be surprised to hear “Vulnerability Management” in any of your responses. ?For those of us in the Defense Industrial Base (DIB) that handle Federal Contract Information (FCI) or Controlled Unclassified Information (CUI), and are pursuing a Cybersecurity Maturity Model Certification (CMMC), we have become (or will eventually become) all too familiar with vulnerability management. ?As we forge ahead in our implementation of NIST 800-171 and prepare to undergo a CMMC assessment, it is crucial that we understand both the expectations for vulnerability management under National Institute of Standards and Technology (NIST) 800-171, as well as the tools available to us for doing so. Our latest "What the heck?" post attempts to dissect these requirements while looking at tools DIB members are using today for vulnerability management, including those offered by Microsoft. Read more here at our blog.
ZCaaS? 2.0 is now live
Totem is excited to announce a major upgrade to our Zero Client as a Service? (ZCaaS) secure CUI enclave: ZCaaS 2.0 featuring Azure Government-based ephemeral virtual desktops.? These Azure Virtual Desktops (AVD) replace the ZCaaS? 1.0 Browser and Workstation, providing a quick booting, all-in-one cloud-based user experience, with no hardware required.? Any government information you handle in the ZCaaS AVD will not persist, alleviating any worries about data-at-rest encryption.? And all AVD are rebuilt daily, mitigating the risk of persistent malware in the environment.? You'll be able to edit Windows Office documents as well as PDF and ZIP files directly in the AVD.?
Non-persistence has another benefit: low-cost.? Because we aren't storing any information on disk, we don't have to pay for cloud data storage.? We pass these cost savings on to our customers.
For files you need to store long-term, we still partner with Cocoon Data for our ZCaaS SafeShare.? SafeShare provides security storage for ITAR and Controlled Unclassified Information (CUI), encrypted with FIPS-Validated encryption modules.? You can reach SafeShare from within the ZCaaS enclave.? With the release of version 2.0, ZCaaS becomes a more efficient CUI enclave, in which government information never has to touch your on-premise IT infrastructure.? ZCaaS? saves DoD contractors the time and money hassle of hardening their IT system or having to pay for security monitoring.? We take care of that all for you.?
If you or a client is interested in using our ZCaaS secure CUI enclave, let us know!?
Q1 2024 NIST 800-171 / CMMC Workshop
Registration is now open for our Q1 2024 Workshop, which starts 15 January.? We'd love for you or your clients to join us and learn how to build your DFARS-compliant System Security Plan, Plan of Action and Milestones, and Incident Response capabilities.? We also cover how to prepare for the forthcoming CMMC assessments.? 200+ companies have participated in our Workshops, after which they are cybersecurity "DIB Ready".? Save 10% during the month of November by using code "CMMC10" at checkout!
Attention Apex Accelerator counselors, MEP account managers, SBDC advisors, and Prime contractor supply chain managers: we also offer significant discounts to our partners that have several client companies ready to participate in a dedicated Workshop cohort.? Find out more here.
Upcoming Totem Tech presentations and exhibitions
We are always honored to be invited to present or exhibit for our peer small business DoD contractors on DFARS / NIST / CMMC compliance.? We're happy to do free one-hour presentations for MEPs, Apex Accelerators, and other national trade organizations. If you're interested in a free webinar on Government contractor cybersecurity requirements, contact us!
Here's a list of our upcoming events, with sign up links where available.? Come join us!
领英推荐
SBIR Corner
Presented by our friends at BBC Entrepreneurial Training & Consulting (BBCetc)
Each month, we'll work with our partners at BBCetc to highlight the latest DoD Small Business Innovation Research (SBIR) opportunities and information.? Check out BBCetc's readiness assessment form as a no-cost way to get started with SBIR.? Contact BBCetc for more information on these specific topics:
Required new foreign influence disclosures
DOD now has MANDATORY foreign disclosures and other important programmatic changes as required by the SBIR and STTR Extension Act of 2022 (Pub. L. 117-183). These updates can be found in the 23.3 Broad Agency Announcement (BAA). Proposals that do not include the completed Foreign Affiliations Disclosure (Attachment 2) in Volume 5 will be deemed noncompliant and will not receive an evaluation. Small business concerns are highly encouraged to review the full BAA to remain apprised of any additional recent programmatic changes.
How to stay in contact with Totem Technologies
Follow us on LinkedIn
Here's our company page: Totem Tech | LinkedIn
Follow our Knowledge Base posts
We post frequently about small business cybersecurity topics at our Knowledge Base: https://www.reddit.com/r/TotemKnowledgeBase/. Request to join our community at [email protected], or just simply follow that page.
Sign up for our email newsletter
If you'd like to receive this newsletter in your email each month, fill out the contact us form here: https://www.totem.tech/contact/
Join our free monthly live Town Halls, last Thursday of each month
Join our cybersecurity experts and other small business DoD contracting peers for a discussion of the latest on DFARS, NIST, and CMMC.