Dan Baldini
CMMC Timeline Update - 32 CFR Final Rule Sent ...

On June 27, 2024 the CMMC Program Final Rule (32 CFR) has moved to the last step prior to finalization and publication.  The rule is now in OIRA (Office of Information and Regulatory Affairs) review.   This is the last step before publication in the federal register.

CMMC Timeline Update - 32 CFR Final Rule Sent For Final Review
Chris Rose
Defense Contractors and The Cloud: Which ...

In the age of CMMC and pending independent third-party assessments of defense contractors’ compliance with their contractual cybersecurity obligations, there is a lot of misinformation out there about which Microsoft 365 environment meets your regulatory compliant needs. As a Microsoft Direct CSP and Azure Government CSP partner, we (Ariento) figured we’d address the most frequent questions our team receives when working with clients on their government cyber compliance journey. Note: a lot of this evaluation can be applied to other public cloud service providers (e.g. Google, Zoom, Google, Amazon, etc.) as well.

Defense Contractors and The Cloud: Which version of Microsoft 365 is right for you?
Bryan Crosson
DOJ’s False Claims Act and why it matters to ...

On April 27, 2022, Aerojet Rocketdyne agreed to pay roughly $9 million to settle a False Claims Act complaint relating to overstated levels of cybersecurity compliance and controls. The case is significant because it is the first time that a whistleblower has successfully used the False Claims Act to hold a defense contractor accountable for cybersecurity fraud. The case also sets an important precedent for future whistleblowers who are trying to hold defense contractors accountable for cybersecurity violations.

DOJ’s False Claims Act and why it matters to Defense Contractors
Compliance
Chris Rose
An FAQ Guide to the CMMC (Pilot) Joint ...

With news that the Cybersecurity Maturity Model Certification (CMMC) implementation is being pushed back (again) to 2024, the CMMC pilot program (called Joint Surveillance) becomes ever more important as it is the only option for organizations that desire to be a first mover in receiving their CMMC certification. At last check, there have been a total of seven completed assessments under the pilot program, and while that may seem low, interest is clearly high as our CMMC Third Party Assessor Organization (C3PAO) teams continue to receive questions about the program from Organizations Seeking Certification (OSC). This blog post addresses the most common questions we have seen.

An FAQ Guide to the CMMC (Pilot) Joint Surveillance Program
Compliance
Bryan Crosson
What CMMC can and should learn from FedRAMP

In our role as NIST 800 series and Risk Management Framework (RMF) subject matter experts, we’ve worked closely with both third-party assessment organizations (3PAO) and companies at different points of the packaging process for Federal Risk and Authorization Management Program (FedRAMP) authorization.

What CMMC can and should learn from FedRAMP

Small Business

Why Military Veterans Are Well-Suited to Solve Our Economy’s Biggest Problem

Why Military Veterans Are Well-Suited to Solve Our Economy’s Biggest Problem

The American economy is in jeopardy, and most people don’t even know it. Small businesses account for 99% of all U.S. businesses. They employ 60% of Americans and are responsible for more than half of the United States gross domestic product (GDP). In 2015, 62% of all data breaches were of small to medium sized businesses per Symantec, and 60% of those businesses were forced to close their doors within 6 months of being attacked. These statistics are scary, and indicate we are one major cyber-attack away from an economic crisis. So how do we fix this?

The Myth of WannaCry (and all ransomware)

The Myth of WannaCry (and all ransomware)

A lot has been written about the WannaCry ransomware attack that spread through the globe beginning on May 12 of this year. Perhaps due to the clever branding of the malware, the reaction to WannaCry has been remarkable. Companies from help desk ticketing vendors to log management software developers have personally called me attempting to sell me their product or service on the basis of its ability to stop ransomware like WannaCry. I can only assume that these sales teams, armed with scripts and little actual knowledge of WannaCry or ransomware in general, have been effective in executing this scare tactic approach, otherwise I wouldn’t keep seeing it. Time to set the record straight.

The 3 Root Causes of Small Business Data Breaches

The 3 Root Causes of Small Business Data Breaches

In 2016, the Ponemon Institute completed a study on the “State of Cybersecurity in Small & Medium-Sized Businesses (SMB).” The study had many interesting findings, with highlights including:

  • 55% of small & medium business suffered a cyber-attack in the past 12 months
  • 50 % reported data breaches involving customer & employee information in the last 12 months
  • 3 out of 4 reported that exploits have evaded their anti-virus solutions

The results align with what we see every day with clients that call us for incident response and recovery services:

The Responsible Business Owner

The Responsible Business Owner

Resisting change is normal. We wouldn't be human if we didn't have an emotional, almost visceral reaction to major departures in the way things are done. You wouldn't be the successful business owner that you are if you jumped on every new product or service every time a sales person got you on the phone or showed up at your office. In fact, you'd be bankrupt and there would be no business left to run. 

In the world of change, there is temporary and there is permanent. Successful businesses are able to identify the difference between "trends" and "fundamental shifts". They resist the flash in the pan trends, but when they see a fundamental shift, they not only embrace it, they lead the way.

So, which is cybersecurity? 

100 years ago we didn't have to lock our doors

100 years ago we didn't have to lock our doors

One of the core criteria we often use when choosing where to live is safety. Given the choice, most of us don't choose to live in a dangerous neighborhood with a high crime rate. In the virtual world, we don’t have that same choice; we all live in a bad neighborhood when it comes to cyber. Whether it’s Beverly Hills, the Pentagon, or Rio de Janeiro, anyone can break into your systems at anytime and from anywhere. Unlike your physical house, you don’t have to be in the same zip code to break in. You don’t even have to be in the same country. All this in mind, we did a comparison between security in the physical world to that of the virtual world.

Do you travel? Follow these 7 tips to avoid being hacked

Do you travel? Follow these 7 tips to avoid being hacked

Whether it’s once and a while or you consider yourself a road warrior, the recent data breaches at HyattOmniTrump HotelsHard RockStarwood, and Hilton have brought to light just how vulnerable you are when you travel. Follow the seven tips below and you’ll be safer when you travel.

8 Simple Things Small Businesses Can Do to Drastically Improve Cybersecurity

8 Simple Things Small Businesses Can Do to Drastically Improve Cybersecurity

There simply isn't enough time in a day for most small businesses to run their core business, let alone protect themselves from hackers. For that reason, we put together this list of 8 simple tips, that aren't overly time consuming to implement and give small business owners the return on their time from a security standpoint.