The Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) Level 2 is based on the 110 security practices from NIST SP 800-171 Rev. 2. These practices are designed to protect controlled unclassified information (CUI) within the defense supply chain. For most DoD contractors, achieving CMMC Level 2 compliance is now mandatory, but the process is challenging. Organizations must navigate evolving requirements, implement technical controls, manage costs, train their workforce, and prepare for stringent audits. Here’s an overview of the top challenges contractors face, along with best practices for overcoming them.
Appalachia Technologies Blog
In today’s increasingly interconnected world, safeguarding sensitive government data is a top priority for federal agencies—and for the contractors they partner with. While classified information has long been protected through well-established regulations, a new category of “Controlled Unclassified Information” (CUI) has emerged in recent years, prompting additional guidance and compliance requirements. Enter the Federal Acquisition Regulation (FAR) rule for CUI.
In this blog post, we’ll explore what CUI is, why it matters to government contractors, and how the FAR rule on CUI will shape compliance requirements going forward.