Support: 800-699-0925 Sales: 800-481-1984

SysArc

IT Company

Who We Are

Providing Trusted Business IT Consulting, Solutions and Support

CMMC 2.0: Expectations and Timelines | Webinar with Exostar

by

SysArc recently contributed to an Exostar panel discussion entitled “CMMC 2.0: Expectations and Timelines” featuring SysArc CEO, Tim Brennan and Exostar’s Vice President of Strategy, Vijay Takanti. Streamed live on June 21st, 2022 — This webinar was recorded and is available to watch below.

In this webinar we discuss the following:

  • What obligations DIB contractors and subcontractors are still under today via DFARS 252.204-7012 (and DIBCAC Assessments at DoD discretion)
  • What is expected to happen once CMMC 2.0 is open to public comment, likely in March 2023 (and what that means in terms of compliance planning)
  • What we have heard Primes expect of their suppliers regarding assessment status and reporting
  • Challenges suppliers face today to maintain both compliance and business efficiency

Need Help with CMMC? SysArc Can Help

We are a Managed Security Service Provider (MSSP) that specializes in helping DIB suppliers protect their information systems and comply with the cybersecurity regulations from the Department of Defense. We’ve consulted over 1000 companies and helped them navigate the complexities of DFARS, CMMC, and NIST 800-171. 

To learn more about preparing for CMMC and how SysArc can help, please visit our CMMC guide here. If you’d like to speak with our team about your compliance needs, please feel free to give us a call or schedule a CMMC consultation

DoD Prime Contractors Are Taking a More Active Role in Enforcing DFARS Compliance

by

DCMA Logo

As a Managed Security Service Provider (MSSP) that helps small and medium sized DoD contractors comply with DFARS and prepare for CMMC, we are currently seeing large prime contractors take a more active role in assessing their own supply chains and enforcing DFARS compliance. Because of this, many DoD contractors are feeling pressure to accelerate their path to compliance.

Sysarc CEO, Tim Brennan, and a Chief Information Security Officer (CISO) from a large Prime contractor shared their insights on a recent Exostar webinar. The Prime contractor CISO said, “I can definitely say that we are leveraging SPRS scores as it relates to a data point in terms of the vulnerability within our supply chain — there is no doubt.” What this means is that the Prime, one of the world’s largest defense contractors, is looking at the SPRS scores of their suppliers to evaluate how secure their own supply chain is. He went on to say, “DFARS 7019 was a gift to Primes because now we can ask for a simple score… We say ‘what’s your SPRS score?’ and you either get a score or no response — both of which are valuable data as it relates to how you are going to use it to protect not just the functional security of your supply chain, but also the reputation as it relates to who you do business with.”  

Another Prime took an even more aggressive stance. According to Brennan, “One of our customers recently received a letter from a Prime. The subject matter was new to us and our customer. This customer had submitted an SPRS score of 55, which if you know how SPRS is scored, isn’t that bad. Yet the Prime stated in the letter that they wouldn’t be able to send them CUI electronically any more, and they would have to send it via FedEx. This alarmed our customer because now they feel they’re not being viewed as where they need to be competitively.”

You can watch this conversation in the video below (We’ve preset the start time for you):

For more information on SPRS scores and what they mean to DoD suppliers, please see our guide to the DFARS Interim Rule.

This push by DoD prime contractors comes on the heels of the “Shields Up” advisory by the Department of Homeland Security’s (DHS) Cyber and Infrastructure Security Agency (CISA) — a response to the growing number of cyber threats due to the Russia/Ukraine conflict and the United States’ response to it. In light of this, it seems the whole Defense Industrial Base (DIB) is feeling top down pressure to protect their operations from being shut down and/or having sensitive information stolen by foreign adversaries. 

If you are a DoD contractor concerned about the state of your organization’s cybersecurity and need help in easing those concerns, please feel free to give us a call or schedule a consultation. Our team has helped over 1000 DoD suppliers throughout the U.S. protect their IT infrastructure while complying with DFARS and preparing for CMMC.

For more information, please see our DFARS and CMMC compliance guides, and learn more about our NIST 800-171 assessment service which is the basis for finding out what your organization needs to do to become compliant.