Orlee Berlove

Blog Archive - PreVeil

CMMC is designed to ensure defense contractors’ compliance with the existing NIST 800-171 and DFARS 7012 requirements through a detailed assessment process. Unfortunately, many defense contractors believe they can wait until CMMC comes into law in 2023 before meeting their compliance obligations. As is increasingly evident though, path can lead ... Read More

The Cyber Accreditation Board (Cyber AB) released its CMMC Assessment Process (aka CAP) just a few months ago. The CAP provides guidance for third-party assessments of organizations seeking to achieve CMMC Level 2 certification. CAP guidelines make it clear the assessment process will examine evidence of organizations’ compliance with DFARS ... Read More

Every defense contractor that handles Controlled Unclassified Information (CUI) has a contractual obligation with the DoD to comply with DFARS 252.204-7012. That 7012 clause requires contractors to implement the 110 security controls of NIST SP 800-171, developed specifically to protect CUI. Since going into effect in 2017, however, compliance with ... Read More

Investment to support PreVeil’s expansion into new markets PreVeil, a provider of cloud based end-to-end encrypted email and file collaboration solutions, announced today that it has raised a $20M Series C funding round led by PSG, a leading growth equity firm partnering with software and technology-enabled services companies to help ... Read More

The Department of Defense (DoD) will begin writing CMMC requirements into contracts in May 2023. That’s only 7 months away and companies are hustling to get up to code in time. But many organizations are bumping up against a big roadblock: DoD’s alphabet soup.     CMMC is a world ... Read More

If you are a defense contractor handling Controlled Unclassified Information (CUI), then you are required to implement the 110 security controls stipulated in NIST 800-171. That’s been the case since 2017, but self-assessment of compliance has been permitted and as a result implementation throughout the Defense Industrial Base (the DIB) ... Read More

The Department of Defense (DoD) has updated guidance that it will cement clauses 7019 and 7020 of its November 2020 Interim DFARS Rule into a Final Rule in December 2022. The DFARS Interim Rule—currently in effect—aims to strengthen NIST SP 800-171 compliance and requires that all defense contractors that handle ... Read More

In another show of momentum toward implementation of the Department of Defense’s CMMC framework, the Cyber Accreditation Board (Cyber AB) recently released its draft CMMC Assessment Process (aka CAP). The release of the CAP means that voluntary assessments can begin. In fact, according to Matthew Travis, CEO of the Cyber ... Read More

In a recent PreVeil webinar, Stacey Bostjanik, DoD CMMC Program Head, said that CMMC Level 2 assessors will check for defense contractors’ compliance with NIST SP 800-171, but not for compliance with DFARS 252.204-7012 (c)-(g) cyber incident reporting requirements. But don’t be lulled into complacency, you will still need to ... Read More

On June 24, 2022, senior Department of Defense officials addressed more than 2,400 registrants for PreVeil’s webinar, Countdown to CMMC Compliance. Participants heard the latest updates on the DoD’s CMMC program directly from Stacy Bostjanick (DoD, CMMC Program Head) and Dave McKeown (DoD, CIO and CISO), who also reviewed DoD’s ... Read More