
Information Technology Navigator

Tips, Advice & Insights from Technology Pros

CMMC 2.13 is Here - Explore the 2025 Timeline

On October 15, 2024, the final rule for the Cybersecurity Maturity Model Certification (CMMC) program was officially published. This rule, codified as 32 CFR, becomes effective on December 16, 2024. The CMMC journey began in 2019 with DFARS Case 2019-D041, and after four years of development, the rule is now finalized. Let’s take a look at the history of the CMMC timeline, what's to come, and how organizations can prepare for what is next.

CMMC Rulemaking Timeline

The rulemaking process illustrated in the graphic below shows a high-level workflow from the Government Accountability Office (GAO).

Figure 1: GAO Federal Rulemaking

Tue, Nov 05, 2024

What Government Subcontractors Should Know About DFARS Flowdowns

Protecting sensitive and classified information when working for the Federal Government requires constant vigilance. When the government issues a contract, it must specify to the performing contractor when covered defense information (CDI) or controlled unclassified information (CUI) will be generated under the contract. Many prime contractors “flowdown” every FAR and DFARS clause to subcontractors and vendors without considering whether that subcontractor or vendor will be processing, storing, or transmitting CDI. Anticipating where CDI may reside once awarded a contract can be a challenge. Here is guidance on ways CDI can flow down to subcontractors and the defense industrial base (DIB), and steps those organizations should take before signing an agreement.

An Introduction to DFARS

Thu, Apr 25, 2024

Keeping Up with the GCC High Roadmap

 

Adoption of Microsoft 365 Government Community Cloud (GCC) High, Microsoft’s sovereign cloud solution, is on the rise as organizations in the Defense Industrial Base (DIB) work to ensure compliance with the stringent regulations related to the Cybersecurity Maturity Model Certification (CMMC) v2.0 and the current NIST 800-171 framework. GCC High is an excellent option for DIB contractors who handle Controlled Unclassified Information (CUI) and International Traffic in Arms Regulations (ITAR) data in their cloud or hybrid environments.

Microsoft continuously improves and enhances the features and capabilities of the GCC High platform. Just like updates to Microsoft 365, it can be hard to keep up with them all. Daymark’s Government Community Services Team has carefully selected updates we believe are worth paying attention to with our own GCC High Roadmap.

Thu, Apr 13, 2023

The Key to CMMC Readiness: NIST Compliance

Preparing for a Cybersecurity Maturity Model Certification (CMMC) 2.0 assessment can be completely overwhelming. Here’s the good news: If you’re NIST 800-171 compliant, you’re more than halfway there. If you’re not, you’ve got some work to do for sure, but it’s not as complicated or daunting as you may fear.

NIST 800-171

Tue, Dec 06, 2022

The Risks of Delaying CMMC 2.0 Compliance

The Cybersecurity Maturity Model Certification (CMMC) 2.0 is the DoD framework designed to enhance cybersecurity and protect against compromise of sensitive defense information on contractors’ systems. Some defense industrial base (DIB) organizations have mistakenly taken a “wait and see” attitude about preparing for CMMC compliance, believing that they will wait until the government finalizes 2.0 requirements. While holding off on the time, resources and budget to prepare for CMMC may seem prudent (and frankly easier to delay), the risks of waiting could have a significantly negative impact on contractors’ revenue. Here’s why:

Wed, Sep 28, 2022

NIST and CMMC – What You Need to Know

If your organization has been working towards NIST 800-171 and is now on the journey to achieve CMMC 2.0 (the Cybersecurity Maturity Model Certification), it can be difficult to understand what you’ve already achieved and what’s left to do. Both standards are intended to reduce threats and strengthen cybersecurity for sensitive government data. Here are some details on how they relate to each other and what’s involved in taking the next steps toward CMMC compliance.

Tue, Apr 19, 2022

What Level of GCC is Right for You?

Microsoft 365 GCC vs. GCC High

How do you know which level of GCC is right for you? Here are key criteria to help you distinguish GCC and GCC High so that your organization makes the move to the right cloud.

Government Community Cloud (GCC)

You can think of GCC as a government version of the Microsoft 365 commercial environment. It resides on the Azure Commercial infrastructure and has many of the same features, but servers must be located in the continental United States (CONUS) as mandated by FedRAMP Moderate. Although the servers are only in CONUS, access to data is available on a global basis. In general, non-defense-related government agencies and contractors can deploy GCC. 

Tue, Feb 01, 2022