CMMC Resources

CMMC Specific Resources

The CMMC will be the law of the land, and compliance for DoD manufacturers will be mandatory. MISI is a leader in helping small and medium-sized businesses prepare for compliance. Our test and evaluation of solutions and best practices occurs in our labs but also in the field. We leverage a broad array of technology solutions and conduct preparedness audits with the least amount of friction. We strive to automate the process to reduce the risk.

Defense Industrial Base Cybersecurity Maturity Model (CMMC) Conference (For videos of the conference, click on the Resources Video tab.)

Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification

Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification FAQs

Industrial Safety and Security Source (ISSSource)

NIST will help create CMMC standards for third-party assessors [FedScoop]

CMMC Is Coming: Are You Ready? [JDSUPRA]

DoD Under Secretary Ellen Lord Warns Contractors of CMMC Fraudsters [MeriTalk]

Tech companies tell DoD its new cyber standards are missing the mark [Federal News Network]

Resources for Manufacturers

Manufacturers are increasingly the target of cyber attacks aimed at IT, OT and IIoT systems. The age-old answer of the air gap is no longer a reliable way to secure manufacturing networks. Smart robots such as COBOTS used in small and medium-sized manufacturing operations, while cost-effective, reduce the complexity of the cyber attack challenge for a hacker. MISI specializes in securing small and medium-sized manufacturers.

NIST Guide to Industrial Control Systems (ICS) Security

Dragos MISI DreamPort Partner Brief [PDF]

Nozomi Asset Intelligence Data Sheet [PDF]

The 5 Most Common Cybersecurity Threats to Manufacturers

Cybersecurity for Building Automation

Today's connected buildings utilize a wide range of connected technologies that integrate with IT, OT and IoT systems. Vital operations such as environmental controls for data centers can be disabled by a cyber attack and render useless the investments deployed as part of traditional cyber for IT.

CyberX Labs

Nozomi Networks

Remote Automated Penetration Testing

Traditional penetration testing is labor-intensive and replete with solutions that produce standardized reports. MISI leverages remote automated penetration testing that reduces the cost and accelerates the time needed to understand potential threats to your environment. Penetration testing provides an independent assessment of solutions and processes you have already invested in to determine just how compliant and cyber resilient your organization is. The DoD CMMC requires pentesting, as do other policies such as PCI DSS, HIPAA, GLBA/FFIEC, and U.S. laws and policies. A pentest differs from a vulnerability assessment in that it proves to a greater extent that a known or unknown vulnerability discovered by the testing organization can be exploited. A vulnerability assessment or scan can discover what is known but does not verify the actual risk of exploitation. A pentest passively proves how a vulnerability can be exploited and the techniques that can be used to exploit it. A pentest is a great way to verify that vulnerabilities have been mitigated.

CATO is a world-class tool used by multiple industries to trust but verify the cyber resiliency of the organization against external or internal cyber attacks.

CATO Data Sheet [PDF]

Mitigation

Knowledge and assessments are the beginning of the journey to cyber resilience. But to maximize cyber resilience, expertise is needed to mitigate vulnerabilities. Find the knowledge needed to understand current threats and mitigation in our knowledge base.

Infragard

SANS Internet Storm Center

VirusTotal

Talos Intelligence

Google Safe Browsing

Spamhaus

Insider Threat and Anomaly Detection

The human is typically the weakest link in any organization. Employees with weak cyber hygiene, poor configuration management, credential theft, and data exfiltration are all insider threats to the organization. MISI conducts tests and evaluations of insider threats, and in this knowledge base we provide links and information on solutions we have tested in our labs or in the field.

Jazz Networks

Cybersecurity Executive Roundtable: Selling to the Federal Government
Defense Industrial Base CMMC Conference Recap
CMMC Overview
What is the Process Towards Compliance?
Why You Should Join the CMMC Testing & Evaluation Program

Videos of the Defense Industrial Base Cybersecurity Maturity Model (CMMC) Conference

Defense Industrial Base CMMC Conference Opening and Keynote
Defense Industrial Base CMMC Conference Panel Discussion

If you have or want to have a contract with the Department of Defense containing sensitive information such as Controlled Unclassified Information (CUI), then you must follow the clauses of the Defense Federal Acquisition Regulation Supplement (DFARS).

DOD Officials Discuss Cybersecurity Standards
The Virtual CISO Podcast: CMMC What You Need to Know About DoD Cybersecurity Regulation

Virtual CISO talks with Katie Arrington about CMMC and discusses MISI and DreamPort.

Virtual CISO Podcast
'CMMC Made Easy' | GovCon Chamber of Commerce (20 Mar 2020)
DoD's Arrington on Game-Changing Cybersecurity Maturity Model Certification
Dragos MISI DreamPort Partner Brief

Providing a Realistic Cyber Test Environment for Defenders

Nozomi Asset Intelligence Data Sheet

Nozomi Networks Asset Intelligence™ continuously updates Guardian™ appliances with rich OT and IoT device data so you can identify and respond to the most important security alerts faster.

NIST Special Publication: Guide to Industrial Control Systems (ICS) Security

Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC)

CATO Data Sheet

CATO matches the operational cadence of real-world attacks by executing proven campaigns, operations, and tasks honed over eight years and a million hours protecting CyberPoint's customers. The results, or CATO Findings, are automatically generated by our expert system or manually created by our experienced operators and presented to the customer through dashboard service tiles.