
Cybersecurity


What is Cybersecurity?


Cybersecurity processes and technologies help protect systems from unauthorized access and cyber crime. It is the protection of devices, applications and data that are part of an interconnected system.

Why does it matter?


Businesses with a strong cybersecurity plan are able to identify and mitigate risks and respond to threats and attacks, allowing them to reduce downtime and costs often associated with a cyber attack.

Where will it take me?


Cybersecurity planning will raise the role of security in an organization, allowing you to ensure that all employees, including business leaders, take part in keeping your data, devices, applications, and processes protected from disruption.

 

Cybersecurity Planning and Cyber Resiliency

Small businesses are increasingly becoming targets of cyber attacks. The latest data shows that 43% of all cyber attacks have been perpetrated against small businesses. About 60% of these small businesses lack the cyber resiliency to survive and cannot recover. (Verizon’s Data Breach Investigations Report)

Cyber resiliency is a business’s ability to prepare for, respond to, and recover from cyber attacks. Limiting the impact of an attack, defending against attacks and continuing operation after attacks are all part of a business’s resiliency.
 

Free Courses and Resources

Introduction to Cybersecurity

This eLearning module provides an introduction to:

  • Common cybersecurity terms
  • Cyber crimes, attacks and threats
  • The three pillars of cybersecurity
  • Cybersecurity risk assessment

Controlled Unclassified Information (CUI)

By completing this high-level overview of CUI, you should be able to:

  • Explain what CUI is and why it matters to contractors bidding on Federal contracts
  • Differentiate CMMC from other earlier data protection standards
  • List some of the reasons CUI protection is needed, and what it helps correct
  • Describe the process for identifying CUI

Cybersecurity Toolkit

Included with this education and awareness toolkit are:

  • Interactive lessons
  • Video lectures
  • Awareness flyers and animated short videos to enhance your business’ cybersecurity awareness training
  • And a complete gap assessment, planning and documentation tool for NIST 800-171 compliance

 

More Resources for Small Businesses and Manufacturers

 

DFARS Cybersecurity Requirements and CMMC

DFARS Cybersecurity Requirements


Clause 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident Reporting

If your company provides products being sold to the Department of Defense (DoD), you are required to comply with the minimum cybersecurity standards set by DFARS.

All DoD contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet DFARS minimum security standards. Contractors who do not meet these minimum standards risk losing their DoD contracts and losing out on future contract bids.

This DFARS subpart applies to contracts and subcontracts requiring contractors and subcontractors to safeguard covered defense information that resides in, or transits through, covered contractor information systems by applying specified network security requirements. It also requires reporting of cyber incidents.

DFARS provides a set of adequate security controls to safeguard information systems where contractor data resides. These controls are based on NIST Special Publication 800-171, “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations”, and manufacturers must implement them through all levels of their supply chain.

DFARS requirements also include developing a plan of actions and milestones (POAM) and a system security plan (SSP).

 

CMMC: Cybersecurity Maturity Model Certification

 

The Cybersecurity Maturity Model Certification (CMMC) 2.0 aims to protect Federal Contract Information [FCI], unclassified information that is to be protected from public disclosure, and Controlled Unclassified Information [CUI], information that requires safeguarding or dissemination controls.

While DFARS 252.204-7012 allowed businesses to “self-attest” to compliance with NIST SP 800-171, CMMC 2.0 will require businesses to demonstrate compliance according to a three-tiered maturity system which will require “triennial third-party assessments for critical national security information; annual self-assessment for select programs.” Any organization in the DoD supply chain that processes, stores and/or transmits CUI as well as any organization that provides protection for CUI/FCI are required to demonstrate their compliance with CMMC.

There are three levels within the CMMC. The most common expectation will be for businesses to demonstrate compliance with level 2, demonstrating cybersecurity practices in line with the 110 controls within NIST 800-171 prior to being awarded a contract. The required level for a contract will be determined by the type and amount of CUI a contractor will handle during the contract and will be stated in the contract.

 

Contact us today to get started on your journey to cybersecurity education and compliance!

 