| In the Forest of CMMC - Here is How to See Through the Trees Hi everyone! It’s been a while since we have added our two cents on the current landscape of DFARS 7012 compliance. I’m sure you’ve heard of the Cybersecurity Maturity Model Certification. If you haven’t, please read up on it here: https://www.acq.osd.mil/cmmc/draft.html. While we have watched a slew of companies jumping on the bandwagon to provide [...]
Netflix Phishing Attacks Targeting 100 Million & Spreading
Yesterday, our FSO's received a notification from DISA regarding a phishing attack targeting Netflix account holders. This attack is directing customers to update their account details, specifically, the financial aspects - e.g. credit card information for monthly subscription billing. Since this is a phishing attack, these notifications are coming in the form of an email to the account holder with a more than convincing subject line, "Your suspension notification." The body proceeds to explain [...]
Why Most Contractors Won’t be Compliant by the Deadline
Many defense contractors have ignored this regulation until they (1) received something from their prime inquiring about their compliance status, or (2) they received a modification to their current prime or subcontract with the DFARS 252.204-7012 compliance requirement contained in the solicitation requirements. We don't blame them for wanting their prime, or the government, to prove that this requirement applied to their company, but no matter when or how the requirement was enforced, the deadline for [...]
Techni-Core Welcomes New Team Members!
FOR IMMEDIATE RELEASE Techni-Core Welcome's New Team Members! Huntsville, AL - 1 November 2017 1 November 2017 - Techni-Core is pleased to announce the addition of two new Team Members, Jason Burris and Kelly Liles! Jason has over 25 years of information technology and customer service experience, maintains Security+ and A+ certifications, and is a member of ISSA. He is highly skilled in providing an excellent customer experience and loves the challenge of solving a tough [...]
Maintaining Your DFARS 7012 Compliance
Inquiring minds (and our clients) want to know, is becoming compliant with DFARS 7012 by Dec. 31 the only goal? In simple terms, no - your compliance MUST be maintained. Let's dig into this complex topic. Lifecycle Management of your DFARS 7012 Compliance Think of your compliance as a product. In the government contracting world, you hear the term "lifecycle management" in reference to the management and maintenance of equipment. Proper methodologies and plans [...]
WannaCry Ransomware: Tips to Protect Yourself
By now, you've probably heard about the WannaCry Ransomware virus sweeping the nation. We've created some tips to keep you safe from this nasty virus. Microsoft released an update on March 14th that patched the vulnerability. If your systems are all up to date then you are protected against last week’s virus. Last week's virus exploited a vulnerability that was patched in that March update. Remember, you must reboot after installing updates for them [...]
PRESS RELEASE: We have released a second publication!
FOR IMMEDIATE RELEASE Techni-Core has released the second publication! Huntsville, AL - 25 April 2017 25 April 2017 - Techni-Core has published a second book, "DFARS UCTI Compliance Quick Start Guide for DFARS 252.204-7012, FAR 52.204-21, and NIST 800-171." In this guide, the writers discuss the DFARS 7012 regulation, NIST 800-171 industry best practices contractors are required to implement, and the path to reaching full compliance. Readers will gain an understanding of the time involved in the compliance process [...]
NFO Controls – “What you Should be Doing Anyway”
In August 2015, NIST 800-171 listed 62 Non-Federal Organization or NFO controls as "expected." Think of NFO as the controls you should already have in place. The additional 62 NIST controls marked "NFO," are not part of the "mandatory minimum." The Government expects them to be satisfied as part of your existing security policy. NFO items include controls covering every NIST category from Access Controls to Systems and Information Integrity -- they also include [...]
Continuous Monitoring for Peace of Mind
Continuous Monitoring is a piece of the NIST 800-171 rule that frequently gets overlooked as a requirement. There are many reasons for this, but the most frequent is that most companies think, once the security controls are implemented they are compliant. That's not the case. DFARS 252.204-7012 (Implementing NIST 800-171) as well as FAR 52.204-21, once the security controls are implemented, must be maintained. Continuous Monitoring enables information security professionals to see a continuous [...]
CUI Regs are Expected in 2017
While no regulations concerning CUI (controlled unclassified information) have come out yet, they are expected in 2017. Agencies like Homeland Security are already changing their own acquisition regulations. From our perspective as, not only a Defense Contractor but a Compliance Provider, there are certain things we expect to see in those forthcoming regulations. Our expectations are based on a September 2016 National Archives final rule that established a baseline for how contractors and agencies [...]