SysArc is proud to announce that it has been awarded the designations as both a Registered Provider Organization (RPO) and a CMMC Third-Party Assessor Organization (C3PAO) by the CMMC Accreditation Board. These achievements further SysArc’s ability and mission to aid organizations with CMMC preparation and assessments with the highest degree of expertise.

The Role of RPOs

The RPO designation identifies us as official consultants and “implementers” approved by the CMMC AB. When functioning as an RPO, we provide advice and recommendations for DoD contractors and suppliers to prepare them for CMMC accreditation.

This is a “non-certified” role, as RPOs do not conduct a certified CMMC assessment, but it allows us to aid clients in updating security and processes before being assessed. This designation signifies that we follow the highest industry standards set by the CMMC AB.

For information about how we prepare DoD suppliers for an official CMMC assessment, please see our CMMC RPO page. 

The Role of C3PAOs

Qualifying as a C3PAO authorizes us to conduct official CMMC assessments for organizations in the Department of Defense supply chain according to the CMMC Assessment Standard.

As part of the C3PAO process, SysArc is required to undergo a CMMC Level 3 Assessment in the near term and work towards an ISO 17020 certification within the next 18 months. 

As a C3PAO, SysArc is better able to assist clients at any stage of CMMC preparation and implementation due to the in-depth training and experience we have completed in over 150 DFARS and CMMC engagements since 2017.

Work with SysArc

Very few organizations hold both these designations. Our standing as both an RPO and a C3PAO enables us to fully assist DoD contractors throughout the CMMC process. The training our team has undertaken (and will undertake) to achieve these badges gives us an even greater, in-depth knowledge of the accreditation process, which we pass on to our clients to help them succeed in their compliance and security journeys. NOTE: We are not able to act as both an RPO and a C3PAO for the same customer due to conflict of interest provisions.

At SysArc, we are committed to the defense industry and community. We stay up to date with the latest changes and keep at the forefront of every new announcement and designation so we know exactly how to help you best. We continue to work hard to keep organizations in the DoD supply chain secure, compliant, and competitive.

To learn more about how SysArc acts as an RPO to aid DoD contractors in remediation and as a C3PAO in performing assessments, visit our CMMC Guide for DoD Contractors, or get in touch for a free consultation.

September 4, 2020—SysArc is excited to announce this year’s Virtual CMMC Summit event being held on September 15, 2020, and invite all interested participants to register today.  

This free event is hosted by PreVeil and is the leading event of the year for Cybersecurity Maturity Model Certification (CMMC). The event will focus on providing attendees with valuable information on best practices for achieving CMMC compliance in 2020. 

Attendees will be able to learn from top industry professionals, including leaders from the Department of Defense (DoD) and CMMC Accreditation Board (CMMC-AB), security experts, compliance practitioners, and higher education representatives. 

Among the panel of distinguished speakers are the DoD’s CISO of Acquisitions, Katie Arrington; Board Chairman for CMMC Accreditation Body, Ty Schieber; and leading attorney in cybersecurity and supply chain, Robert Metzger.

Speakers will cover topics such as state-of-the-art data protection, CMMC must-dos for 2020, PreVeil’s solution for protecting CUI, and critical compliance initiatives for small and mid-sized defense suppliers and higher education.

Following the speakers’ remarks, there will be a unique opportunity for attendees to virtually connect with top industry experts and ask questions during what will be called “Expert Hour.” Our professionals at SysArc, one of the nation’s leading cybersecurity experts and Managed Service Providers, are eager to answer your questions about the upcoming CMMC standard and what will be required for compliance.

To register for this premier event, please use the following link: https://us02web.zoom.us/webinar/register/3015979443695/WN_w63l8EcsTM6NJmPpCRu0BQ   

SysArc, a U.S. based Managed Security Service Provider, is proud to announce that it has partnered with email and file sharing encryption company PreVeil. This strategic move underscores SysArc’s commitment to continually improve its cybersecurity offering for its customers, many of whom fall within the government sector or DoD supply chain.

PreVeil provides end-to-end encryption for email and cloud services, equipping organizations with the ultimate security for their data. With years of experience in serving aerospace and defense companies, PreVeil’s comprehensive encryption offers a simple solution for complying with the encryption requirements in CMMC and other government regulations that companies in these industries must comply with.

Through this partnership, SysArc will continue to serve DoD contractors by offering quick, effective, and affordable solutions that enable them to comply with CMMC, DFARS, NIST 800-171, FISMA, and other required regulations and standards.

With the recent implementation of CMMC, SysArc understands the need for DoD suppliers to make immediate changes to their cybersecurity measures in preparation for an upcoming CMMC audit. That’s why SysArc is determined to find and make accessible the most effective services and solutions for small to mid-size DoD contractors. SysArc consistently provides quick and affordable ways for companies to achieve compliance so they can continue to win Department of Defense contracts with less obstacles.

For more information about how SysArc helps DoD contractors implement NIST 800-171, as well as other controls, and effectively prepare for the upcoming CMMC audits, please visit this guide on CMMC Certification for DoD Contractors.

SysArc is proud to announce that it will be speaking alongside Department of Defense leaders at the Defense Industrial Base Cybersecurity Maturity Model (CMMC) Conference on March 5th from 9am-4pm at the DreamPort Facility in Columbia, Maryland.

SysArc’s presentation entitled, “Helping Small DoD Suppliers Reduce the Cost of CMMC Readiness” will cover how the company has helped hundreds of DoD suppliers across the United States navigate the complexities of DFARS, NIST 800-171, and now CMMC. SysArc, who has been at the forefront of the cybersecurity regulations that have been sweeping the defense industry over the last several years, has developed and continued to streamline reliable and cost-effective processes for getting suppliers prepared for upcoming CMMC audits.

Other notable speakers at the event include a keynote address by Chief Information Security Officer for the Office of the Under Secretary of Defense for Acquisition, Katie Arrington. Katie’s leadership has been integral in the development and rollout of the CMMC program. Also speaking is Corporate Director of Cyber Programs on the Space, Intelligence and Cyber Team within Government Relations at Northrop Grumman, Ed Devinney, as well as many other DoD cybersecurity experts.

For more information about the event as well as a detailed agenda, please visit the DreamPort website here. For more information on Cyber Maturity Model Certification (CMMC) and how SysArc helps DoD suppliers prepare for CMMC, please see here.

The U.S. Department of Defense (DoD) has released v0.6 of its Cybersecurity Maturity Model Certification (CMMC). As we previously reported, SysArc made several suggestions to the DoD on version v0.4, and many of these suggestions were taken into consideration with the draft of v0.6.

CMMC v0.4 was released to the public for review and comments in early September 2019. Based on the feedback from DoD Contractors and cybersecurity experts who have been working to implement NIST 800-171 requirements into contractor systems over the last several years, v0.6 “significantly reduces the model size, modifies the practices and processes, and provides clarifications and examples for CMMC Level 1. The document includes CMMC Levels 1-3 of the latest version of the CMMC Model (Appendix A) with clarifications for CMMC Level 1 in Appendix B. The updates to CMMC Levels 4-5 will be provided in the next public release.”1

To view CMMC v0.6, please follow this link: https://www.acq.osd.mil/cmmc/docs/CMMC-V0.6b-20191107.pdf

For more information on Cybersecurity Maturity Model Certification (CMMC), please see our in depth Guide on CMMC written exclusively for DoD contractors. For immediate assistance, please give us a call at (866) 583-6946 or request a CMMC Consultation.

SysArc is proud to announce that it has been selected as one of the Top 100 Places to Work in Washington, DC by the Washington Business Journal. The Managed Security Service Provider was ranked among 32 other small companies in the Washington, DC area based on its highly regarded perks, leadership, office space, culture and more.

The list is based on the Omaha, Nebraska-based Quantum Workplace’s annual employee engagement survey. The Best Places to Work results are quantitative, based on survey responses from employees themselves, rather than a panel of outside judges. Companies are scored based on their perks, leadership, office environment, culture and other categories.

“Being selected for this list is a reflection of our commitment to building a company that thrives on our team members’ career growth, personal health, and job satisfaction,” says SysArc CEO, Tim Brennan. “We take care of our employees, and by doing so we know they’ll continue to provide excellence in cyber security and information system services for our customers across the United States,” he adds.

Rankings of the Best Places to Work honorees were announced on May 16, 2019 at a special awards event at MGM National Harbor in Oxon Hill, Maryland. Additionally, the Washington Business Journal honored 3 top human resources leaders, as judged by a panel including Washington Business Journal staff.

To learn more about SysArc and its leadership team, please visit https://www.sysarc.com/who-we-are/. If you are an Information Systems Professional and are interested in joining the SysArc team, please feel free to contact the company about your interest.

SysArc is proud to announce that CEO, Tim Brennan, will be presenting on the subject of DFARS Compliance and NIST 800-171 at AFCEA’s TechNet Cyber 2019 Event on May 14-16, 2019. The event, which will take place at the Baltimore Convention Center, is designed to bring together military, industry and academia to discuss ideas and encourage progress and innovation in cyber security.

As SysArc has reported previously, the United States has mandated that any contractors who provide services to the Department of Defense must implement cyber security plans and procedures in accordance with the National Institute of Standards and Technology’s Special Publication 800-171. SysArc’s presentation entitled, “Navigating Cybersecurity Compliance for Small Contractors – How to Get Your Company DFARS/NIST 800-171 Compliant in 3 Easy Steps,” is designed to guide contractors on how to implement those plans and procedures.

“Over the past several years we’ve helped DoD prime and subcontractors all over the United States comply with DFARS by implementing the NIST 800-171 cyber security framework within their organizations,” says Tim Brennan. “Our presentation is designed to give them a clear understanding of what they need to do to quickly and affordably comply with DFARS so that they may continue to win contracts with the Department of Defense.”

As a Managed Security Service Provider in Washington, DC, SysArc helps U.S. companies mitigate their IT risks with state-of-the-art cyber security plans and procedures. Since a large percentage of their clients were involved in the Department of Defense supply chain, SysArc was one of the early adopters of NIST SP 800-171. SysArc looks forward to bringing this wealth of knowledge and experience on the subject to TechNet Cyber 2019.

For more information about SysArc’s services to help DoD contractors comply with DFARS, please see their DFARS/NIST 800-171 Compliance Services page.

SysArc Inc. is proud to announce that it has been awarded the Comptia Security Trustmark+ due to its excellence in implementing the NIST Cybersecurity framework for DoD Contractors, Federal Agencies, and companies throughout the United States.

The CompTIA Security Trustmark+

The CompTIA Security Trustmark+ is based on the NIST Cybersecurity Framework and provides a cost-effective path for demonstrating compliance with key industry regulations such as DFARS, FISMA, PCI-DSS, SSAE-16, HIPAA, and others reliant on the NIST Framework.

ISO, the International Organization for Standards, also currently maps into the NIST Cybersecurity Framework and is reflected in elements of the CompTIA Security Trustmark+.

How SysArc Earned The CompTIA Security Trustmark+

To earn the CompTIA Security Trustmark+, SysArc successfully completed an assessment of their security policies, procedures and documentation by a CompTIA-approved 3rd party reviewer. This assessment provides the organization with feedback on the quality and comprehensiveness of their security posture. Organizations at this level have earned the highest Security Trustmark available.

SysArc’s Compliance Solutions

SysArc helps organizations throughout the United States comply with government mandated cybersecurity regulations. As SysArc has previously reported, The White House, Department of Homeland Security (DHS), and Department of Defense (DoD) have put a high-priority on getting government agencies and contractors to comply with these regulations. The result has been demand for cyber security experts such as SysArc at its highest level ever.

For more more information about SysArc’s Compliance Solutions and Services, please see our Services page. If you have any questions or concerns about your organization’s cybersecurity, please contact SysArc at (240) 350-9638 or fill out this online form.

 

We’re proud to announce that Maryland-based DoD Contractors who use SysArc® DFARS/NIST 800-171 Compliance Solutions may qualify for financial assistance through The Maryland Defense Cybersecurity Assistance Program (DCAP).

About the Program:

With Maryland Department of Defense Contractors accounting for more than $57 billion in economic activity, the DCAP created the program to assist DoD Contractors in complying with Federal regulations so they can continue to provide their services to the Federal Government.

More specifically, this program provides financial assistance to DoD Contractors needing to comply with The Defense Federal Acquisition Regulation Supplement (DFARS) and meet the requirements defined in NIST SP 800-171.

The program is funded by the Department of Defense’s Office of Economic Adjustment (OEA) through the Maryland Department of Commerce and is being coordinated by the Maryland MEP.

Who Qualifies?

In order to qualify for the program, the Defense Contractor must have a physical location in Maryland, and must have 10% or more of its business related to the Department of Defense or have a contract/procurement request for compliance.

Available Grants:

The DCAP has made the following grants available:

• $2,500 for Gap Analysis: Funding is available to reimburse $2,500 of the cost for a SysArc® NIST SP 800-171 Gap Analysis.
• $5,000 for Remediation: Funding is available to reimburse $5,000 of the cost for SysArc® NIST 800-171 Remediation Services.
• $3,000 for Tools, Hardware and Software: Funding is available to reimburse $3,000 of the cost of tools, hardware, and software required during the remediation phase.

How to Apply:

As a partner of the DCAP, SysArc can assist DoD Contractors with their application and provide the Gap Analysis, Remediation, and Security Monitoring required in NIST 800-171. To apply, give us a call at (800) 481-1984 or fill out this form.

SysArc® DFARS/NIST 800-171 Compliance Solutions:

Located in Rockville, Maryland, SysArc specializes in helping DoD Prime and Subcontractors throughout the U.S. comply with cyber security regulations such as DFARS. We’ve developed an efficient 3-step process which enables DoD contractors to meet compliance quickly at an affordable cost.

For more information about compliance services, please see our DFARS/NIST 800-171 Compliance Solutions page.

For more information about The Defense Federal Acquisition Regulation Supplement (DFARS) and how it applies to DoD Contractors, please see our guide on DFARS compliance.

According to ABC News, Austral, the shipbuilding company that handles Australia’s Navy ships for more than a decade, was recently attacked in October by cybercriminals suspected to be from Iran. This shipbuilder has shipyards in Australia, the Philippines and the United States. It has worked with 54 countries on its contracts. The data that they accessed included ship designs and staff contact information. The type of attack that they used tried to get as much data as possible before the intrusion was detected.

The attackers took that information and put it up for sale on the dark web. The Australian Cyber Security Centre investigated the attack to discover the possible national origin of the people behind it. While they don’t know the true motivation behind this incident, one theory is that it happened due to the Australia Prime Minister talking about the Iran nuclear deal and whether the country would continue supporting it.
However, the Australian Cyber Security Centre doesn’t believe that the hackers were backed by the Iranian government, and the Iranian Embassy also issued a denial. Iran, much like Russia, China, and North Korea, is known for posing a major cyber threat to Australia and other countries.

This isn’t the first time in 2018 that Iranians targeted Australia. Universities saw a spear-phishing attack that focused on acquiring academic research and other intellectual property from the schools.

Austral’s response to the breach was not ideal. The attack happened in October, but the organization did not send a notification to the Australian Stock Exchange until they had to respond to someone going public with the cyber theft on Twitter. The investigation is ongoing.

The United States Response to Cyber Attacks

The United States recently updated its Department of Defense Cyber Strategy from 2015 to better address the cyber threats present in today’s world. Specifically, this strategy highlights the threat posed by foreign nations on the cybersecurity front. China and Russia are the primary countries highlighted in this document, but other state actors are also of concern.

Cybersecurity can’t be an afterthought in any organization. The risk of data breaches, especially by state-sponsored actors, must be addressed through strict adherence to regulations and investments in IT security.