CMMC Lucy Marsden

XQ vs. GCC High

Comparing XQ with GCC High reveals some important truths for Defense Industrial Base (DIB) (sub)contractors and vendors. XQ is less expensive, faster to deploy, easier to use, and better adapted to today’s risk landscape. For many DIB members, XQ is the smarter choice.

CMMC Lucy Marsden

Five Benefits to Achieving CMMC 2.0 Compliance Now

CMMC compliance provides numerous benefits for defense contractors and suppliers. By achieving CMMC certification, your organization can gain a competitive advantage, build relationships with prime contractors, improve its cybersecurity posture, increase trust with customers and partners, reduce liability, and simplify compliance efforts. As the DoD ramps up NIST 800-171 audits and certification requirements for DoD contract eligibility become increasingly imminent, there's no better time to start your organization's CMMC journey. 

CMMC Lucy Marsden

Why use XQ for CMMC Compliance?

Incorporating XQ means you get incredibly safe, secure, and compliant customization on the infrastructure you control. Wherever and however you already work, simplify your sharing, upgrade your security, and achieve compliance quickly, cheaply, and effectively. If you’re still not ready for the May 2023 onset of CMMC, we can help. Book a time to talk, email us, or subscribe to our CMMC newsletter now!

CMMC, CMMC Assessment Process Lucy Marsden

Scoping for CMMC Level 2

Scoping is a key part of the CMMC assessment process. Per CMMC Assessment Guide Level 2, “The CMMC Assessment Scope informs which assets within the contractor’s environment will be assessed and the details of the assessment.” In other words, scope determines which organizational assets are relevant when conducting CMMC assessment and certification. Scoping can be confusing, so we’ve dedicated this post to simplifying things for our readers.

CMMC Lucy Marsden

Introduction to CMMC Level 2

Unlike CMMC Level 1, compliance with Level 2 practices cannot be self-assessed. The formal Level 2 CMMC Assessment Process (CAP) can take months to complete! Understand the CMMC Level 2 Assessment Process and begin preparations for CMMC before requirements appear in DoD contracts in May 2023!

This blog introduces

  • CMMC Level 2 Requirements

  • The formal CMMC Assessment Process (CAP)

CMMC Lucy Marsden

Understanding CMMC: Domain Groups

CMMC practices are organized into 14 domains, which are categories that reflect the areas of security that the practices cover. These include Access Control, Awareness and Training, Audit and Accountability, Configuration Management, Identification and Authentication, Incident Response, Maintenance, Media Protection, Personnel Security, Physical Protection, Risk Assessment, Security Assessment, System and Communications Protection, and System and Information Integrity. Each domain contains a different number of practices, and each successive level of certification requires more practices.

Brian Wane

Zero Trust Data: A New Capability From The DoD To Enable Secure Information Sharing   

XQ ZTD Based CMMC Level 2 Compliance For Microsoft 365 Business Premium

Email and files are the primary operational mode for many small businesses, and Microsoft 365 Business Premium is already the market leader. XQ’s Zero Trust Data (ZTD) can be added to a small business account within an hour to provide 94 of the 110 requirements to meet Level 2 CMMC compliance.

CMMC Lucy Marsden

Introduction to CMMC Level 1 

While contractors can use outside support (like a Certified CMMC Professional or even a C3PAO), CMMC Level 1 compliance is ultimately self-assessed and the contractor's responsibility. Contractors scope and evaluate their compliance using the CMMC Level 1 Assessment Guide, which is based on the assessment guidelines described in NIST Special Publication (SP) 800-171A Section 2.1 and whose practices align with FAR Clause 52.204-21.

CMMC Lucy Marsden

What is CMMC? An Introduction to the Cybersecurity Maturity Model Certification

What is the Difference Between CMMC 1.0 and CMMC 2.0?

After the initial version of CMMC (CMMC 1.0) was met with widespread criticism, the DoD modified the framework. The DoD replaced the 2019 framework with CMMC 2.0 in 2021. It is a more dynamic, flexible, and industry-friendly version of the original. CMMC's redesign is focused on (1) reducing compliance and certification costs, especially for small businesses; (2) building trust in the assessment ecosystem; and (3) redefining CMMC cybersecurity requirements in alignment with widely recognized cybersecurity standards.

CMMC Lucy Marsden

Announcing XQ’s CMMC Series

Malicious cyber actors are increasingly targeting the Defense Industrial Base (DIB) sector and the Department of Defense (DoD) supply chain. By exploiting vulnerabilities in cyber security, bad actors can steal valuable intellectual property and sensitive information, undercutting technical advantages, impairing innovation, and increasing risks to national security. The Cybersecurity Maturity Model Certification (CMMC) is a product of the Department of Defense’s (DoD’s) need to protect American interests against this growing threat.

CMMC improves, standardizes, and verifies cyber hygiene practices across the DIB. It outlines the required cyber security measures DIB members must take to protect non-classified, sensitive information across three maturity levels. Each level prescribes security practices commensurate with the sensitivity and risk of a specific category of information or data.

Junaid Islam

New DoD Zero Trust Data Guidelines

The DoD published an update to its Zero Trust Strategy (attached). The most important item is data's increased role in their Zero Trust strategy. In the past, the DoD defined Zero Trust primarily from a network, device, and identity perspective (the data component was not prominent). Two changes drive the evolution of the DoD’s Zero Trust Strategy: (1) the growth of sensor/imaging data and the need to ensure that it is available to front-line personnel, and (2) real-world experience from Ukraine, in which wireless networks are continuously jammed. These two factors have resulted in a new warfighting model in which mission-critical data is stored at the edge along with authorization policies. In fact, the only example of Zero Trust in action on Page 6 is about moving away from the older approach of locking down data in one place to allowing any authorized user to access data WHENEVER and WHEREVER they are (they actually capitalize those words).

Brian Wane

Privacy Penalties and the Dangers of Non-Compliance

Recent high-profile cyber security breaches illustrate the extraordinary costs that failing to maintain robust and effective cyber defenses presents across industries.

The examples below reveal that companies incur significant losses due to financial settlements, steep regulatory penalties, loss of reputation, and penalties.

Brian Wane

Transfer: XQ Zero Trust Data Protection Gateway - Part 1

In this multi-part tutorial series, we will show you how to deploy and manage XQ’s Secure Gateway. In this video, we will first cover XQ’s Gateway Web Portal. We will then walk through configuring your first gateway and deploying XQ’s Secure Gateway on Ubuntu.

Guest User

Understanding What Zero Trust Is (w/ Junaid Islam, Co-Founder of XQ Message)

Organizations need to adopt a new security model to protect their clients, teams, data, and applications effectively. In a Cyber Security Matters episode, hosts Dominic Vogel and Christian Redshaw joined Junaid Islam, Co-Founder of XQ Message, the leader in data-centric digital trust, to discuss the best security practices for organizations, Zero Trust, and concerns in cyberspace.
