charlesit.com

This framework is a certification procedure designed to assure the DoD that DIB contractors are capable of protecting sensitive information such as Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). ALL DoD contractors are required to be CMMC compliant CMMC regulations state that all DoD contractors need to get a certification prior to bidding for a government project. This means that contractors who acquire level three certification under the CMMC framework are known to implement all of the NIST SP 800-171 security requirements, have good cyber hygiene to meet most cyberthreats, and are able to keep CUI secure. When the DoD released the Defense Federal Acquisition Regulation Supplement (DFARS) for contractors, there was some confusion which led to its slow adoption.

If you’re an existing US Department of Defense (DoD) contractor, then you’ve probably achieved Defense Federal Acquisition Regulation Supplement (DFARS) compliance by now. To protect all controlled unclassified information (CUI) that the DoD handles, the department required all of its contractors to meet certain cybersecurity requirements — known as DFARS compliance — by December 31, 2017. By categorizing its contractors into different levels, the DoD can ensure that contractors for each project have the appropriate cybersecurity practices and processes in place to protect FCI and CUI. While self-assessment is enough in achieving DFARS, CMMC requires an external assessor to evaluate the cybersecurity posture of DoD contractors and assign them with their appropriate CMMC level.

Thanks to public cloud computing’s orchestration technologies, businesses’ automated tasks in the cloud — including disaster recovery — are seamlessly coordinated, enabling fast recovery of critical workflows. Fortunately for those who don’t have the time and resources to manage their own data center for disaster recovery and other computing needs, the public cloud offers an attractive alternative. With public cloud DR plans, computing resources can be paid At Time of Test (ATOT) or At Time of Disaster (ATOD) periods. Access to great technical expertise and new technology, the physical separation of data from potentially unsafe premises, and increased resiliency make public cloud disaster recovery an attractive solution compared to purely in-house recovery processes.

The public cloud is a cloud computing model in which IT services, including email, storage, or infrastructure, are provided over the internet. The public cloud may be suitable for companies with predictable computing needs, but those that use resource-intensive applications are better off running them on on-premises servers to avoid issues. Note that even a big, reputable public cloud provider like AWS can suffer from an outage that results in major service disruptions among businesses that use their services. Think of public cloud infrastructure as a gated community where your neighbors (i.e., other businesses whose data are in the same public cloud infrastructure as yours) can possibly put your home at risk.