I started writing SSPs (System Security Plans) well before the original Executive Order-mandated deadline of December 31st, 2017, and have since written at least 50 SSPs for defense contractors of every imaginable type and size. There wasn’t a lot of guidance on how to do this at that time, other than to have a very thorough and complete understanding of the nearly 500-page NIST 800-53 framework.
Appalachia Technologies Blog
Even organizations with solid cybersecurity programs will have findings from a security assessment. After all, cyber attacks and attackers continue to learn and evolve, always trying to be one step ahead of their prospects. Through our years of performing security assessments, here are the Top 5 areas that we have found to need remediation work post-assessment.
This month’s release of the much-anticipated CMMC 2.0 left many of us in the world of cybersecurity shaking our heads. We have been working diligently with the defense industrial base for several years now, even before the CMMC was created, to stop the bleeding of our defense secrets to our adversaries. As a veteran and a Patriot, I, along with many other Americans, take this very serious problem personally.
In a previous blog post, we discussed how to calculate your SPRS (Supplier Performance Risk System) score in support of your CMMC (Cybersecurity Maturity Model Certification) efforts. In that same blog, we also provided a free tool to help you calculate your SPRS score automatically.
In this follow-on blog, we’ll talk about how to provide your SPRS score to the DoD, which is a whole other chore once you’ve actually determined what your score is. In order to access the part of the SPRS website where your score is uploaded, we first need a CAC (Common Access Card) or a DoD-approved medium-assurance ECA (External Certification Authority) certificate. The primary purpose of this certificate is to ensure that the individual entering the score is who they actually claim to be (non-repudiation), in addition to ensuring the confidentiality of the data.