While contractors can use outside support (like a Certified CMMC Professional or even C3PAO), CMMC Level 1 compliance is ultimately self-assessed and the contractor's responsibility. Contractors scope and evaluate their compliance using the CMMC Level 1 Assessment Guide, based on the assessment guidelines described in NIST Special Publication (SP) 800-171A Section 2.1 and whose practices align with FAR Clause 52.204-21. 

What is the Difference Between CMMC 1.0 and CMMC 2.0?

After the initial version of CMMC (CMMC 1.0) was met with widespread criticism, the DoD modified the framework. The DoD replaced the 2019 framework with CMMC 2.0 in 2021. It is a more dynamic, flexible, and industry-friendly version of the original. CMMC's redesign is focused on reducing compliance and certification costs, especially for small businesses; building trust in the assessment ecosystem; and (3) redefining CMMC cybersecurity requirements in alignment with widely recognized cybersecurity standards.

Malicious cyber actors are increasingly targeting the Defense Industrial Base (DIB) sector and the Department of Defense (DoD) supply chain. By exploiting vulnerabilities in cyber security, bad actors can steal valuable intellectual property and sensitive information, undercutting technical advantages, impairing innovation, and increasing risks to national security. The Cybersecurity Maturity Model Certification (CMMC) is a product of the Department of Defense’s (DoD’s) need to protect American interests against this growing threat.

CMMC improves, standardizes, and verifies cyber hygiene practices across the DIB. It outlines the required cyber security measures DIB members must take to protect non-classified, sensitive information across three maturity levels. Each level prescribes security practices commensurate with the sensitivity and risk of a specific category of information or data.

The DoD published an update to its Zero Trust Strategy (attached). The most important item is data's increased role in their Zero Trust strategy. In the past, the DoD defined Zero Trust primarily from a network, device, and identity perspective (the data component was not prominent). Two changes drive the evolution of the DoD’s Zero Trust Strategy; 1/ the growth of sensor/imaging data and ensuring that it is available to front-line personnel and 2/real-world experience from Ukraine in which wireless networks are continuously jammed. These two factors have resulted in a new warfighting model in which mission-critical data is stored at the edge along with authorization policies. In fact, the only example of Zero Trust in action on Page 6 is about moving away from the older approach to locking down data in one place to allowing any authorized user to access data WHENEVER and WHEREVER they are (they actually capitalize those words).

Recent high-profile cyber security breaches illustrate the extraordinary costs that failing to maintain robust and effective cyber defenses presents across industries.

The examples below reveal that companies incur significant losses due to financial settlements, steep regulatory penalties, loss of reputation, and penalties.

This is the third part in a multi-part tutorial series on deploying and managing XQ’s Secure Gateway. In this video, we will cover deploying your first gateway.

this is the second part of a multi-part tutorial series on deploying and managing XQ’s Secure Gateway. In this video, we will cover configuring your first XQ Secure Gateway.

in this multi-part tutorial series, we will show you how to deploy and manage XQ’s Secure Gateway. In this video, we will cover XQ’s Gateway Web Portal. Secondly, we will walk through configuring your first gateway and deploying XQ’s Secure Gateway on Ubuntu.

Exponential improvements in computing power mean that smart technologies can help communities tackle civic challenges efficiently and effectively to ensure equitable outcomes. Following a trust-centric resident-first approach, we outline five ideas that could help foster community empowerment.

Organizations need to adopt a new security model to protect their clients, teams, data, and applications effectively. In a Cyber Security Matters episode, hosts Dominic Vogel and Christian Redshaw joined Junaid Islam, Co-Founder of XQ Message, the leader in data-centric digital trust discuss the best security practices for organizations, Zero Trust, and concerns in cyberspace.

New collaboration at the Discovery Park District at Purdue is creating a technology governance framework to empower its citizens to drive trust, sustainability and innovation.

Listen to the latest podcast featuring our very own Junaid Islam, CTO of XQ Msg, and learn how XQ is securing the future of Smart Cities with quick deployment of Zero Trust Cybersecurity.

The three key points for this short - 10-minute podcast are:

With protection at the data level, XQ Msg can protect through the complete life-cycle

Network agnostic data protection allows for an infinite number of applications

Interoperability reduces the cost of deployment

XQ is the first data protection solution built on a Zero Trust model. With XQ encryption, a Smart City can provide selective access to data. We can even establish secure cryptographic gateways between multiple data lakes.

XQ Secure Forms is easy to set up and is a hassle-free solution for safely receiving client information. XQ works with your existing form, so no need to replace the form solutions you have already invested in.

In a recent developer roundtable discussion XQ held on August 17, 2021, our Head of Corporate Development, Kelby Price, and Zero-Trust expert Junaid Islam spoke with a group of senior developers about their thoughts between open versus closed source as part of their security API’s.

On August, 17, 2021, XQ hosted their first developer roundtable discussion with developers and our very own, Kelby Price and Zero-Trust expert, Junaid Islam. The event centered around Zero Trust, APIs, DevSecOps, and cybersecurity challenges in the software development industry.

XQ held their first developer roundtable discussion on August 17, 2021, hosted by our Head of Corporate Development, Kelby Price, and Zero-Trust expert, Junaid Islam. They spoke with a group of senior developers on their thoughts about application security.

Within a healthy cybersecurity culture, all team members care about maintaining the security and integrity of data. This means the values and practices of an organization align with protecting the intellectual property, personal data, and business assets of the company and its customers.

Cyber risks will continue to increase in 2022. Part of this increase is due to the digitization of banking, education, and even healthcare services, all of which were radically accelerated due to the pandemic. Such trends will continue to be catastrophic for governments, enterprises, and people alike.