The CMMC Final Rule is now live and CMMC assessments are ongoing. CMMC will enter DoD contracts in mid-2025. CMMC Background Defense contractors handling controlled unclassified information (CUI) have been required to meet the 110 controls of NIST 800-171 since 2017. CMMC will validate compliance with NIST 800-171 through independent ... Read More

Tips for Digital Privacy and Security You might think business email compromise (BEC) attacks are only a concern for large financial institutions, but that’s not true. Online, everyone is a potential victim. In June 2021 a San Francisco-based charity, Treasure Island, lost $625,000 after hackers infiltrated the organization’s bookkeeper’s email ... Read More

While PreVeil’s platform protects CUI in Email and Files, CUI inevitably also comes in touch with your workplace’s endpoints.. Indeed, CUI is frequently processed, stored and/or transmitted via these types of endpoint devices. Thus many NIST SP 800-171 security controls focus on endpoint protection.   Endpoints are physical devices—such as ... Read More

On March 12, 2025, the Government of Canada launched the first phase of its Canadian Program for Cyber Security Certification (CPCSC) for defense contractors. As anticipated in our previous coverage, this program aligns with the US Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) program. CPCSC Overview Similar to ... Read More

The Department of Defense created the Cybersecurity Maturity Model Certification (CMMC) framework to standardize cybersecurity practices throughout the Defense Industrial Base (DIB). CMMC is designed to increase defense contractors’ accountability and compliance with existing DoD regulations.   CMMC has three levels. Once CMMC becomes law, all defense contractors—primes and subs—will ... Read More

If you’re a defense contractor handling Controlled Unclassified Information (CUI), then your contract will have a DFARS 252.204-7012 clause in it that requires you to protect that sensitive information. While that may seem clear enough, in practice it’s common for defense contractors to work with other contractors in their supply ... Read More

In July 2023 the DoD hit a milestone with submission of a CMMC rulemaking package to the Office of Management and Budget for review. This move signals DoD’s continued commitment to improving the cybersecurity of the Defense Industrial Base (DIB) and its desire to make CMMC the law of the ... Read More

All contractors doing business with the DoD will need to achieve CMMC compliance to remain eligible for contracts. CMMC requires that contractors undergo assessments to verify they comply with DoD security regulations. The law is expected to be codified in Q4 2024 and enter into contracts in early 2025. CMMC ... Read More

12 Steps to Get your Organization Ready for CMMC If you are a defense contractor, you will need to meet Cybersecurity Maturity Model Certification (CMMC) requirements to continue working for the DoD. CMMC is now final. It became effective on Dec 16, 2024 and enters into contracts mid-2025. We created ... Read More

The Department of Defense’s (DoD’s) recently released DFARS 252.204-7024 has created some confusion about SPRS scores, while at the same time shedding light on how the DoD uses its SPRS system. DFARS 7024 requires DoD contracting officers to consider SPRS (Supplier Performance Risk System) risk assessments to help determine if ... Read More