Proper storage of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) is at the core of a healthy and satisfactory compliance program. The issue? There seems to be ample confusion on what CUI and FCI are, the difference between the two, and where they officially can be stored. Improper storage of both CUI […]
A major DoD aerospace engineering partner for manufacturers in the Defense Industrial Base (DIB), was concerned about their lack of a compliance program. Knowing CMMC was advancing in rulemaking stages, it would be a matter of time before contract requirements included CMMC certification. Working with 112Cyber CRC’s team of CMMC consultants, the organization was able […]
Creating a Data Flow Diagram (DFD) is a foundational step in achieving Cybersecurity Maturity Model Certification (CMMC) compliance. DFDs offer a visual representation of how Controlled Unclassified Information (CUI) traverses through an organization’s systems. The process of identifying how FCI and CUI traverse an organization also highlights the people, processes, and technology that come in […]
As defense contractors and manufacturers progress toward CMMC Level 2 compliance, a critical area of ambiguity lies in how Operational Technology (OT) is treated within the current Level 2 Scoping Guide. Specifically, the treatment of OT within the category of “specialized assets” leaves significant room for interpretation — and potential misalignment with the practical realities […]
Identifying how and where Controlled Unclassified Information (CUI) is stored, transmitted, and processed within your organization is a critical first step to achieving CMMC compliance. Many organizations overlook this step, however, leading to gap assessment fatigue, unwanted costs, and a lack of leadership and organizational buy-in. In this article, we’ll break down everything you need […]