Are you a defense contractor preparing for the Cyber Maturity Model Certification 2.0 (CMMC 2.0)? This webinar will ensure you meet the new standards set by the Department of Defense (DoD) and protect sensitive data throughout the supply chain. Our experts discuss the consequences of non-compliance and provide practical solutions to help you achieve compliance. Learn the ins and outs of CMMC 2.0, including the different levels of certification and the specific requirements. Discover our exclusive XQ solution for CMMC 2.0 compliance using Microsoft 365 Business Premium.

Are you at HIMSS this week? XQ is participating in the AWS HIMSS Partner Theater Talk series, and we want to see you there! This Thursday, Kelby Price will be presenting on Secure Healthcare Cloud Transformation on AWS with Keystone Technologies’ Andy Belval and Ingram Micro Cloud’s Jason Singer!

Thanks to never before seen levels of PHI data and advanced cyber threats, covered entities and business associates are increasingly vulnerable to data loss incidents and HIPAA penalties. The Safe Harbor Bill (H.R.7898) can help insulate organizations from HIPAA penalties if they adopt recognized security practices like CMMC.

The digital era has brought about advancements in healthcare, but has also presented challenges in securing health data. Traditional cybersecurity methods have become inadequate in protecting sensitive information from external threats. XQ's Zero Trust Data offers enhanced protection and oversight, simplified and future-proofed compliance, minimized data loss, and supports patient autonomy.

While CMMC 2.0 is a welcome improvement over CMMC 1.0, the CMMC landscape remains a challenge for many smaller businesses. CMMC non-compliance threatens a business’s survival, but its requirements may still feel impossible for many SMBs. Talk about being stuck between a rock and a hard place!

Next IT & Systems, Leonard McDowell, and XQ Message announce their collaboration on a new international partnership to bring zero trust data to protect high value applications: International collaboration brings a new technology governance framework to drive trust, sustainability, and innovation on a global scale:

The rollout of the Cybersecurity Maturity Model Certification (CMMC, or CMMC 2.0) means it is now more important than ever for defense contractors to ensure that they have a comprehensive cybersecurity program in place. One crucial component of a good cybersecurity program is a System Security Plan (SSP). In this blog post, we'll explain what an SSP is, why it's important for CMMC, and provide tips on developing an SSP.

Comparing XQ with GCC High reveals some important truths for Defense Industrial Base (DIB) (sub)contractors and vendors. XQ is less expensive, faster to deploy, easier to use, and better adapted to today’s risk landscape. For many DIB members, XQ is the smarter choice.

CMMC compliance provides numerous benefits for defense contractors and suppliers. By achieving CMMC certification, your organization can gain a competitive advantage, build relationships with prime contractors, improve its cybersecurity posture, increase trust with customers and partners, reduce liability, and simplify compliance efforts. As the DoD ramps up NIST 800-171 audits and certification requirements for DoD contract eligibility become increasingly imminent, there's no better time to start your organization's CMMC journey. 

trategic Communications, a leading cloud services and IT solutions integrator, recently partnered with Zero Trust Solution Provider XQ. This partnership aims to bring XQ's solutions to federal and state agencies, helping them improve their critical infrastructure's security and privacy.

Incorporating XQ means you get incredibly safe, secure, and compliant customization on the infrastructure you control. Wherever and however you already work, simplify your sharing, upgrade your security, and achieve compliance quickly, cheaply, and effectively. If you’re still not ready for the May 2023 onset of CMMC, we can help. Book a time to talk, email us, or subscribe to our CMMC newsletter now!

Scoping is a key part of the CMMC assessment process. Per CMMC Assessment Guide Level 2, “The CMMC Assessment Scope informs which assets within the contractor’s environment will be assessed and the details of the assessment.” In other words, scope determines which organizational assets are relevant when conducting CMMC assessment and certification. Scoping can be confusing, so we’ve dedicated this post to simplifying things for our readers.

Are you interested in learning more about preparing for CMMC assessment, including gap analysis, gap closure, and documentation? Read on! If you missed the first post, see Preparing For CMMC Assessment, Part One!

This blog is part one of a two-part series outlining the steps contractors can take, regardless of their unique conditions or approaches, to begin ‘doing’ CMMC. Following these blog posts will be individual posts outlining how to accomplish the listed steps in even greater detail. Today’s blog outlines steps one through three.

Unlike CMMC Level 1, compliance with Level 2 practices cannot be self-assessed. The formal Level 2 CMMC Assessment Process (CAP) can take months to complete! Understand the CMMC Level 2 Assessment Process and begin preparations for CMMC before requirements appear in DoD contracts in May 2023!

This blog introduces

• CMMC Level 2 Requirements

• The formal CMMC Assessment Process (CAP)

CMMC practices are organized into 14 domains, which are categories that reflect the areas of security that the practices cover. These include Access Control, Awareness and Training, Audit and Accountability, Configuration Management, Identification and Authentication, Incident Response, Maintenance, Media Protection, Personnel Security, Physical Protection, Risk Assessment, Security Assessment, System and Communications Protection, and System and Information Integrity. Each domain contains a different amount of practices, and with each level of certification, more practices are needed.

XQ ZTD Based CMMC Level 2 Compliance For Microsoft 365 Business Premium

Email and Files is the primary operational mode for many small businesses and Microsoft 365 Business Premium is already the market leader. XQ’s Zero Trust Data (ZTD) can be added to a small business account within an hour to provide 94 of the 110 requirements to meet Level 2 CMMC compliance.

While contractors can use outside support (like a Certified CMMC Professional or even C3PAO), CMMC Level 1 compliance is ultimately self-assessed and the contractor's responsibility. Contractors scope and evaluate their compliance using the CMMC Level 1 Assessment Guide, based on the assessment guidelines described in NIST Special Publication (SP) 800-171A Section 2.1 and whose practices align with FAR Clause 52.204-21. 

What is the Difference Between CMMC 1.0 and CMMC 2.0?

After the initial version of CMMC (CMMC 1.0) was met with widespread criticism, the DoD modified the framework. The DoD replaced the 2019 framework with CMMC 2.0 in 2021. It is a more dynamic, flexible, and industry-friendly version of the original. CMMC's redesign is focused on reducing compliance and certification costs, especially for small businesses; building trust in the assessment ecosystem; and (3) redefining CMMC cybersecurity requirements in alignment with widely recognized cybersecurity standards.

Malicious cyber actors are increasingly targeting the Defense Industrial Base (DIB) sector and the Department of Defense (DoD) supply chain. By exploiting vulnerabilities in cyber security, bad actors can steal valuable intellectual property and sensitive information, undercutting technical advantages, impairing innovation, and increasing risks to national security. The Cybersecurity Maturity Model Certification (CMMC) is a product of the Department of Defense’s (DoD’s) need to protect American interests against this growing threat.

CMMC improves, standardizes, and verifies cyber hygiene practices across the DIB. It outlines the required cyber security measures DIB members must take to protect non-classified, sensitive information across three maturity levels. Each level prescribes security practices commensurate with the sensitivity and risk of a specific category of information or data.