Totem.Tech’s Cybersecurity Engineers have provided more than a decade of Information Assurance (aka cybersecurity) for the U.S. government. We created our Cybersecurity 101 e-book to help small to mid-sized DoD contractors understand these complex cybersecurity requirements (NIST 800-171 and CMMC).
The content for this e-book was created by our cybersecurity engineers and compliance analysts after working through our DoD compliance and assisting hundreds of contractors with their DoD requirements. It is important to us that our customers understand the importance of cybersecurity, even though most don’t have a cybersecurity or an IT background. We have taken a complex topic and simplified it down to 101 pages.
Included with this E-book is a 30 minute compliance assessment with one of our cyber engineers using the DoD’s Assessment Methodology. This will help you understand how to preform a self-assessment and understand how the DoD would score your company’s cybersecurity compliance.
If you are ready to dive deep into your compliance, we are here to help! It is important for us that all DoD contractors can afford cybersecurity assistance to help with this requirement. We provide education and hands-on help for contractors that want do the heavy lifting in their cybersecurity compliance. We will help you develop a compliant System Security Plan, Plan of Action and Milestones, and an Incident Response Plan.
If you want an expert to take care of your cybersecurity compliance, our consultants can provide a security controls assessment “gap analysis” and compare to the CMMC Level you are required or the NIST 800-171 standard. We will develop your System Security Plan and provide you a “get well plan” (aka your Plan of Action and Milestones).
The goal from our engineers and analysts was to provide clarity and practical guidance on many common questions about the compliance process. Here are some of those questions:
• Which DoD contractors need to complete the DFARS cybersecurity requirements?
• What are the differences between the CMMC and the original NIST 800-171 requirement?
• How do I get started with becoming complaint with DFARS cybersecurity requirements?
• If I utilize the cloud, am I still required to comply with DFARS cybersecurity requirements?
• What do I show auditors when they ask if my organization is DFARS compliant?
• Why does my organization need an incident response plan?
1.1 Brief overview of cybersecurity requirements (both NIST 800-171 and CMMC) and why they are there.
1.2 Does every Government Contractor have to comply? What is CUI? Do I have any CUI?
1.3 First Step: Segregating or co-mingling CUI with other corporate data.
2.1 Introduction to System Security Plans (SSP).
2.2 CMMC Level 1 / FARS 17 – How to prioritize implementation.
2.3 Addressing the other challenging controls.
3.1 Introduction to Plan of Actions and Milestones (POA&M).
3.2 Risk Assessment vs. Control Assessment.
4.1 Proactive doesn’t mean no incidents: Differences between an event, incident, and breach.
4.2 Introduction to Incident Response Plans.
4.3 Incident Response Reporting.
5.1 What is the cloud? Can I use it for DFARS compliance?
5.2 FedRamp and cloud service security requirements.
5.3 Who is responsible if there is a breach?
6.1 Importance of company buy-in to your cybersecurity policies.
6.2 Where to start? Company training and Authorized Use Policies (AUP).
7.1 Differences between control assessment, vulnerability scanning, pen testing, and risk assessments.
7.2 Understanding the DoD Assessment Methodology (DAM).
7.3 Schedule compliance assessment (included with your E-Book).