CMMC

Get CMMC Right the First Time: Why Scope Comes Before Everything Else

Get CMMC Right the First Time: Why Scope Comes Before Everything Else

July 8, 2025
Author: Brian Blakley, Chief Risk Officer at Compliance Scorecard When defense contractors call asking about CMMC Level 2 readiness, what's your first move? Some MSPs don’t know where to start. Others jump straight into gap assessments and tool evaluations while clients review contracts, update clauses,...
DIB

2025 Mid-Year Compliance Update for MSPs with a Focus on CMMC Level 2

June 25, 2025
CMMC Level 2 is now live—and many MSPs are getting burned by jumping in too fast. The mistake we’re seeing repeatedly: scoping too broadly, pulling the client’s entire environment into play, and driving up costs before requirements are clearly defined. Besides being expensive, it can...
Pentagon

CMMC Compliance Guide for MSPs: What You Need to Know in 2025

January 15, 2025
Your MSP doesn't have to be directly involved in defense contracts to be considered a worthy target for cyber criminals. If you’re involved in US military operations at any level, you’re at risk. The Cybersecurity Maturity Model Certification (CMMC) framework was designed to protect the...
DoD Proposes New CMMC Rule

DoD Proposes New CMMC Rule for Defense Contracts

August 16, 2024
Amendment Requires CMMC Inclusion in All Pentagon Solicitations and Contracts The Department of Defense (DoD) has officially released a proposed rule that will integrate Cybersecurity Maturity Model Certification (CMMC) requirements into the contracting process. This new regulation is part of a broader effort to ensure...
The Quick Guide to GRC for MSSPs

The Quick Guide to GRC for MSSPs

February 22, 2024
What is GRC and why should MSSPs and MSPs pay attention to its growing importance?  We nail down the basics in this post to help you realize its potential for your managed services. What is GRC? Coined by the Open Compliance and Ethics Group in...
Why the CMMC Update Presents a Business Opportunity for MSPs

Why the CMMC Update Presents a Business Opportunity for MSPs

February 5, 2024
In December 2023, the Proposed Final Rule for the Cybersecurity Maturity Model Certification (CMMC) program was published by the Department of Defense (DoD). The changes to the CMMC cybersecurity framework impact DoD contractors and the MSPs and MSSPs that service them. In this article, we’ll...
CMMC and the impact on Managed Service Providers

CMMC and the impact on Managed Service Providers.

July 20, 2022
Let’s take a bit to talk about the Managed Service Provider industry and CMMC. There seems to be a lot of uncertainty these days around how CMMC will impact MSPs, and even some doubts around whether it will impact the MSP space at all. All...
Is CMMC Dead?

CMMC Resources from Microsoft

April 21, 2022
If you are looking to add to your CMMC compliance program some of these Microsoft resources may be helpful! Blog Title Aka Link Accelerating CMMC compliance for Microsoft cloud (in depth review) https://aka.ms/CMMCResponse Updated! Microsoft CMMC Acceleration Program Update – January 2021 http://aka.ms/CMMCAccelerationProgramUpdate History of Microsoft...
Is CMMC Dead?

Is CMMC Dead? Why should I care?

November 19, 2021
The rumblings of CMMC over this past month Department of Defense published the “Cybersecurity Maturity Model Certification (CMMC) 2.0 Updates and Way Forward” document and outlines the CMMC background and way forward based on the Department’s internal review. These changes include: Narrowing of levels down...
Magnifier

How the evolution of CMMC will allow you to add a significant revenue stream to your company in 2021 (and beyond)

February 15, 2021
CMMC 101 - Looking Backwards so you can move Forward The history and background of CMMC/DFARS/NIST, how to effectively guide your current clients and prospects, and what a typical compliance engagement looks like. (Hint – it’s not what you’re thinking.) We discuss CMMC & DFARS...
5 Levels of CMMC

The CMMC Interim Rule and NIST (SP) 800-171 Implementation

January 15, 2021
Why an “Interim Rule” for CMMC Since 2018, most defense contracts have been subject to DFARS clause 252.204–7012: Safeguarding Covered Defense Information and Cyber Incident Reporting. This clause requires contractors to apply the 110 security requirements detailed in the National Institute of Standards and Technology’s...
CUI

What is Controlled Unclassified Information (CUI)?

January 14, 2021
January 14, 2021 | What is Controlled Unclassified Information (CUI)? CUI is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to...