Proper storage of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) is at the core of a healthy and satisfactory compliance program. The issue? There seems to be ample confusion on what CUI and FCI are, the difference between the two, and where they officially can be stored. Improper storage of both CUI […]
We recently attended one of the most anticipated cybersecurity conferences of the year—ISC2 Security Congress 2025. Held at the Gaylord Opryland Nashville, thousands gathered to learn the latest in cybersecurity. While it wasn’t a Defense Industrial Base-focused show, the overlap between cybersecurity and compliance was clear. Our exhibitor booth welcomed several compliance professionals, all of […]
It’s official, 48CFR has been published and the CMMC Phase 1 rollout is just 60 days away. Defense Industrial Base (DIB) contractors are understandably beginning to search for information regarding the recently finalized DFARS rule (Case 2019-D041), formally integrating the Cybersecurity Maturity Model Certification (CMMC) requirements into the DoD acquisition process. This is a big deal—especially […]
In CMMC, continuous monitoring stands as a pivotal component in safeguarding sensitive information. For organizations aiming to achieve Cybersecurity Maturity Model Certification (CMMC) Level 2 compliance, a thorough understanding and implementation of ‘continuous monitoring’ and its role in Risk Management is essential. It is easy to conflate three closely related topics, Continuous Controls Monitoring (CCM), […]
You’re more than aware of CMMC’s ever-changing nature—we sure are! From publication dates, commentary periods, and everything between, it’s hard to keep up. That’s why we wanted to give you a heads up on the latest in DoD Land. On top of CMMC-specific changes, certain updates in the Department of Defense (DoD) can understandably […]
As a security compliance professional, your daily work leads to one goal: passing a C3PAO assessment and maintaining a CMMC-compliant status. This of course is much easier said than done. So, throughout this process, it’s difficult to account for every nuance in publications—especially as they come out. That’s why we’re here for a little “just so […]
Creating a Data Flow Diagram (DFD) is a foundational step in achieving Cybersecurity Maturity Model Certification (CMMC) compliance. DFDs offer a visual representation of how Controlled Unclassified Information (CUI) traverses through an organization’s systems. The process of identifying how FCI and CUI traverse an organization also highlights the people, processes, and technology that come in […]
Clearwater, FL – April 23, 2025 — 112Cyber, a leading compliance consulting firm and authorized C3PAO, is proud to announce that it has been recognized by the Tampa Bay Business Journal as one of the Best Places to Work in 2025. For a third year in a row, 112Cyber has been named as one of […]
Getting assessed by a Certified Third-Party Assessment organization (C3PAO) is required for CMMC compliance — but not all C3PAOs are made equal. With dozens of C3PAOs to choose from, it’s important to partner with one that can efficiently and accurately guide you through the assessment process. Here are nine critical red flags to watch out for […]
As defense contractors and manufacturers progress toward CMMC Level 2 compliance, a critical area of ambiguity lies in how Operational Technology (OT) is treated within the current Level 2 Scoping Guide. Specifically, the treatment of OT within the category of “specialized assets” leaves significant room for interpretation — and potential misalignment with the practical realities […]