The U.S. Department of Defense (DoD) has released v0.6 of its Cybersecurity Maturity Model Certification (CMMC). As we previously reported, SysArc made several suggestions to the DoD on version v0.4, and many of these suggestions were taken into consideration with the draft of v0.6.

CMMC v0.4 was released to the public for review and comments in early September 2019. Based on the feedback from DoD Contractors and cybersecurity experts who have been working to implement NIST 800-171 requirements into contractor systems over the last several years, v0.6 “significantly reduces the model size, modifies the practices and processes, and provides clarifications and examples for CMMC Level 1. The document includes CMMC Levels 1-3 of the latest version of the CMMC Model (Appendix A) with clarifications for CMMC Level 1 in Appendix B. The updates to CMMC Levels 4-5 will be provided in the next public release.”1

To view CMMC v0.6, please follow this link: https://www.acq.osd.mil/cmmc/docs/CMMC-V0.6b-20191107.pdf

For more information on Cybersecurity Maturity Model Certification (CMMC), please see our in depth Guide on CMMC written exclusively for DoD contractors. For immediate assistance, please give us a call at (866) 583-6946 or request a CMMC Consultation.

SysArc is proud to announce that it has been selected as one of the Top 100 Places to Work in Washington, DC by the Washington Business Journal. The Managed Security Service Provider was ranked among 32 other small companies in the Washington, DC area based on its highly regarded perks, leadership, office space, culture and more.

The list is based on the Omaha, Nebraska-based Quantum Workplace’s annual employee engagement survey. The Best Places to Work results are quantitative, based on survey responses from employees themselves, rather than a panel of outside judges. Companies are scored based on their perks, leadership, office environment, culture and other categories.

“Being selected for this list is a reflection of our commitment to building a company that thrives on our team members’ career growth, personal health, and job satisfaction,” says SysArc CEO, Tim Brennan. “We take care of our employees, and by doing so we know they’ll continue to provide excellence in cyber security and information system services for our customers across the United States,” he adds.

Rankings of the Best Places to Work honorees were announced on May 16, 2019 at a special awards event at MGM National Harbor in Oxon Hill, Maryland. Additionally, the Washington Business Journal honored 3 top human resources leaders, as judged by a panel including Washington Business Journal staff.

To learn more about SysArc and its leadership team, please visit https://www.sysarc.com/who-we-are/. If you are an Information Systems Professional and are interested in joining the SysArc team, please feel free to contact the company about your interest.

SysArc is proud to announce that CEO, Tim Brennan, will be presenting on the subject of DFARS Compliance and NIST 800-171 at AFCEA’s TechNet Cyber 2019 Event on May 14-16, 2019. The event, which will take place at the Baltimore Convention Center, is designed to bring together military, industry and academia to discuss ideas and encourage progress and innovation in cyber security.

As SysArc has reported previously, the United States has mandated that any contractors who provide services to the Department of Defense must implement cyber security plans and procedures in accordance with the National Institute of Standards and Technology’s Special Publication 800-171. SysArc’s presentation entitled, “Navigating Cybersecurity Compliance for Small Contractors – How to Get Your Company DFARS/NIST 800-171 Compliant in 3 Easy Steps,” is designed to guide contractors on how to implement those plans and procedures.

“Over the past several years we’ve helped DoD prime and subcontractors all over the United States comply with DFARS by implementing the NIST 800-171 cyber security framework within their organizations,” says Tim Brennan. “Our presentation is designed to give them a clear understanding of what they need to do to quickly and affordably comply with DFARS so that they may continue to win contracts with the Department of Defense.”

As a Managed Security Service Provider in Washington, DC, SysArc helps U.S. companies mitigate their IT risks with state-of-the-art cyber security plans and procedures. Since a large percentage of their clients were involved in the Department of Defense supply chain, SysArc was one of the early adopters of NIST SP 800-171. SysArc looks forward to bringing this wealth of knowledge and experience on the subject to TechNet Cyber 2019.

For more information about SysArc’s services to help DoD contractors comply with DFARS, please see their DFARS/NIST 800-171 Compliance Services page.

SysArc Inc. is proud to announce that it has been awarded the Comptia Security Trustmark+ due to its excellence in implementing the NIST Cybersecurity framework for DoD Contractors, Federal Agencies, and companies throughout the United States.

The CompTIA Security Trustmark+

The CompTIA Security Trustmark+ is based on the NIST Cybersecurity Framework and provides a cost-effective path for demonstrating compliance with key industry regulations such as DFARS, FISMA, PCI-DSS, SSAE-16, HIPAA, and others reliant on the NIST Framework.

ISO, the International Organization for Standards, also currently maps into the NIST Cybersecurity Framework and is reflected in elements of the CompTIA Security Trustmark+.

How SysArc Earned The CompTIA Security Trustmark+

To earn the CompTIA Security Trustmark+, SysArc successfully completed an assessment of their security policies, procedures and documentation by a CompTIA-approved 3rd party reviewer. This assessment provides the organization with feedback on the quality and comprehensiveness of their security posture. Organizations at this level have earned the highest Security Trustmark available.

SysArc’s Compliance Solutions

SysArc helps organizations throughout the United States comply with government mandated cybersecurity regulations. As SysArc has previously reported, The White House, Department of Homeland Security (DHS), and Department of Defense (DoD) have put a high-priority on getting government agencies and contractors to comply with these regulations. The result has been demand for cyber security experts such as SysArc at its highest level ever.

For more more information about SysArc’s Compliance Solutions and Services, please see our Services page. If you have any questions or concerns about your organization’s cybersecurity, please contact SysArc at (240) 350-9638 or fill out this online form.

 

We’re proud to announce that Maryland-based DoD Contractors who use SysArc® DFARS/NIST 800-171 Compliance Solutions may qualify for financial assistance through The Maryland Defense Cybersecurity Assistance Program (DCAP).

About the Program:

With Maryland Department of Defense Contractors accounting for more than $57 billion in economic activity, the DCAP created the program to assist DoD Contractors in complying with Federal regulations so they can continue to provide their services to the Federal Government.

More specifically, this program provides financial assistance to DoD Contractors needing to comply with The Defense Federal Acquisition Regulation Supplement (DFARS) and meet the requirements defined in NIST SP 800-171.

The program is funded by the Department of Defense’s Office of Economic Adjustment (OEA) through the Maryland Department of Commerce and is being coordinated by the Maryland MEP.

Who Qualifies?

In order to qualify for the program, the Defense Contractor must have a physical location in Maryland, and must have 10% or more of its business related to the Department of Defense or have a contract/procurement request for compliance.

Available Grants:

The DCAP has made the following grants available:

• $2,500 for Gap Analysis: Funding is available to reimburse $2,500 of the cost for a SysArc® NIST SP 800-171 Gap Analysis.
• $5,000 for Remediation: Funding is available to reimburse $5,000 of the cost for SysArc® NIST 800-171 Remediation Services.
• $3,000 for Tools, Hardware and Software: Funding is available to reimburse $3,000 of the cost of tools, hardware, and software required during the remediation phase.

How to Apply:

As a partner of the DCAP, SysArc can assist DoD Contractors with their application and provide the Gap Analysis, Remediation, and Security Monitoring required in NIST 800-171. To apply, give us a call at (800) 481-1984 or fill out this form.

SysArc® DFARS/NIST 800-171 Compliance Solutions:

Located in Rockville, Maryland, SysArc specializes in helping DoD Prime and Subcontractors throughout the U.S. comply with cyber security regulations such as DFARS. We’ve developed an efficient 3-step process which enables DoD contractors to meet compliance quickly at an affordable cost.

For more information about compliance services, please see our DFARS/NIST 800-171 Compliance Solutions page.

For more information about The Defense Federal Acquisition Regulation Supplement (DFARS) and how it applies to DoD Contractors, please see our guide on DFARS compliance.

According to ABC News, Austral, the shipbuilding company that handles Australia’s Navy ships for more than a decade, was recently attacked in October by cybercriminals suspected to be from Iran. This shipbuilder has shipyards in Australia, the Philippines and the United States. It has worked with 54 countries on its contracts. The data that they accessed included ship designs and staff contact information. The type of attack that they used tried to get as much data as possible before the intrusion was detected.

The attackers took that information and put it up for sale on the dark web. The Australian Cyber Security Centre investigated the attack to discover the possible national origin of the people behind it. While they don’t know the true motivation behind this incident, one theory is that it happened due to the Australia Prime Minister talking about the Iran nuclear deal and whether the country would continue supporting it.
However, the Australian Cyber Security Centre doesn’t believe that the hackers were backed by the Iranian government, and the Iranian Embassy also issued a denial. Iran, much like Russia, China, and North Korea, is known for posing a major cyber threat to Australia and other countries.

This isn’t the first time in 2018 that Iranians targeted Australia. Universities saw a spear-phishing attack that focused on acquiring academic research and other intellectual property from the schools.

Austral’s response to the breach was not ideal. The attack happened in October, but the organization did not send a notification to the Australian Stock Exchange until they had to respond to someone going public with the cyber theft on Twitter. The investigation is ongoing.

The United States Response to Cyber Attacks

The United States recently updated its Department of Defense Cyber Strategy from 2015 to better address the cyber threats present in today’s world. Specifically, this strategy highlights the threat posed by foreign nations on the cybersecurity front. China and Russia are the primary countries highlighted in this document, but other state actors are also of concern.

Cybersecurity can’t be an afterthought in any organization. The risk of data breaches, especially by state-sponsored actors, must be addressed through strict adherence to regulations and investments in IT security.

Managed Cyber Security Provider, SysArc, has announced that it will be sponsoring and attending the Capital Cyber Security Summit on November 13, 2018 at the Ritz Carlton, Tysons Corner. The Washington, DC metro area is a hotbed of cutting-edge cyber security solutions and talent, making it the perfect location for the summit.

Hosted by the Northern Virginia Technology Council (NVTC), the Capital Cyber Security Summit 2018 will be a chance for Greater Washington’s technology community to come together and share their knowledge in the area of cyber security. This year, a diverse and interesting selection of keynote speakers will offer fresh insights into the latest generation of cyber security technologies and digital solutions. One notable speaker includes Senior Vice President and Chief Technology Officer of McAfee, Steve Grobman. There will also be panels that will provide an opportunity to discuss operations and enforcement options for private sector businesses, government bodies, and academic institutions.

According to SysArc, the summit will be an invaluable opportunity to meet with other professionals in the Greater Washington region, and show off its solutions in Managed Cyber Security and IT risk Management & Compliance. By sharing their experiences, technology companies working in this region can improve their understanding of current cyber security threats, which are constantly evolving. The companies can then use this knowledge to better protect both local and national businesses against online criminal activity.

SysArc’s attendance at the Capital Cyber Security Summit this November exemplifies their effort to offer cutting-edge cyber security services to companies throughout the region. For more than a decade, SysArc has provided IT support and managed cyber security services to businesses and is looking forward to meeting with potential customers and partners to share their expertise and solutions in this critical space. The Capital Cyber Security Summit will be an opportunity for SysArc to promote cyber security best practices and connect with even more potential partners and customers.

Registrations for the Capital Cyber Security Summit are now open. For a chance to network with SysArc and other attendees from the Greater Washington region of Virginia, Maryland, and D.C., visit http://www.capitalcybersummit.com/