CMMC 2.0 Level 2 Compliance Framework Overview
The control structure for CMMC 2.0 Level 2 can be understood as a hierarchy that progresses from broad domains to specific verification criteria. At the highest level are control families—fourteen in total. In CMMC 2.0, a control family is a grouping of related security requirements organized around a shared cybersecurity domain (for example, Access Control, […]
Cybersecurity Compliance and the Future of the Defense Industrial Base: Strengthening Small Business Participation
Small and medium-sized businesses (SMBs) constitute a foundational component of the Defense Industrial Base (DIB) and play a disproportionate role in the development and diffusion of advanced technology. These firms account for 43 percent of high-tech employment in the United States and produce sixteen times more patents than large firms, reflecting their importance as drivers […]
What is “FIPS-validated” cryptography in CMMC 2.0 / DFARS 7012?

If you’re implementing CMMC 2.0 Level 2 or DFARS 252.204-7012, you’ll encounter NIST SP 800-171 Rev 2 Control 3.13.11. This control requires you to “…employ FIPS-validated cryptography when used to protect the confidentiality of CUI (Controlled Unclassified Information).” It’s derived from NIST SP 800-53 Rev 5 (SC-13; see https://lnkd.in/ejPQCvsE). The current cryptography standard is FIPS 140-3, […]
What is DFARS 252.204-7012 and how does it relate to CMMC 2.0 Level 2?

Few things are as opaque or Byzantine as cybersecurity—especially for DoD (Department of Defense) contractors and subcontractors that handle CUI (Controlled Unclassified Information) and need to worry about compliance with DoD regulations. What is DFARS 7012? DFARS 7012 is a mandatory clause included in all DoD contracts (excluding COTS items) that requires contractors and subcontractors […]
CDI in DoD Contracts: The Key Types of Information You Must Safeguard

Covered Defense Information (CDI) is the Department of Defense’s umbrella term for unclassified information that still requires protection when handled by defense contractors. The formal definition comes from DFARS 252.204-7012, which says CDI includes “unclassified controlled technical information or other information, as described in the CUI Registry, that requires safeguarding or dissemination controls” and is […]