DTC Global

Authority. Expertise. Accuracy.

A recognized authority on DFARS & CMMC compliance. 

Begin now

Cybersecurity Maturity Model

Cybersecurity Maturity Model Certification* is a program established by the United States Department of Defense (DoD) in order to demonstrate their defense contractors' ability to safeguard and protect Controlled Unclassified Information (CUI) and Federal Contract Information according to the federal standards and DoD agency requirements.

Contact Us

*Fair use of the CMMC logo does not constitute any endorsement of DTC Global products and services.

Here For You

DTC Global – Help is on the Way

Jun 30, 2021 — Board member Regan Edens has resigned from the CMMC Accreditation Body after he publicly attacked a member of the CMMC-AB’s own Industry

Jun 30, 2021 — Board member Regan Edens has resigned from the CMMC Accreditation Body after he publicly attacked a member of the CMMC-AB’s own Industry

Reason for Action

Material Breach & Enforcement

In June, 2022 the Department of Defense (DoD) release a memorandum to affirm DoD contractors responsibilities and DoD contracting officers obligation to enforce these requirements for prime contractors, tier suppliers and subcontractors, and certain cloud services. 

    • DFARS 252.204-7012 requires a contractor to implement, at minimum, the NIST SP 800-171 security requirements.
        
    • Contractors must implement all of the NIST SP 800-171 requirements and have a plan of action and milestones for each requirement not yet implemented. 
    • Failure to have or to make progress on a plan to implement NIST SP 800-171 requirements may be considered a material breach of contract requirements.  
    • Remedies for such a breach may include: withholding progress payments; foregoing remaining contract options; and potentially terminating the contract in part or in whole.  
    • In accordance with DFARS 204.7303(b)(2) the Contracting Officer must verify, prior to award of a new contract, option exercise, contract extension or new procurement modification, task order, or delivery order.

    • The contractor must have the summary level score of a current NIST SP 800-171 DoD Assessment for that system posted in SPRS.
       
    • This requirement applies even if the new award does not include DFARS clause 252.204-7020. 
CMMC Regan Edens DTCglobal.us

Jun 30, 2021 — Regan Edens resigned Tuesday from the Accreditation Body after allegations of improperly profiting off his status as a CMMC board member.

Your Path To

Compliance

Cyber-AB Regan Edens DTCglobal.us

CUI Discovery

The cornerstone for all requirements! What is CUI? What are your CUI security requirements? Where does CUI flow within your operations? Who creates CUI? Where does CUI flow outside your company?

DoD policy requires contractors follow CUI laws, regulations, and government-wide policies. DoD also has unique requirements that must be applied to all CUI and specific requirements for certain categories of CUI. Your company is responsible for safeguarding and marking all CUI created and developed during the contract performance. GET ANSWERS.

Top CMMC Expert Regan Edens DTCGlobal.us

Risk & Security Assessments

These two requirements provide the foundation for your System Security Plan. Remember, although NIST guidance says they may be informal, but DFARS and CMMC require EVIDENCE for each control/practice every each assessment objective. Understand the requirements and controls with CERTAINTY. Document the risks related to the applicable CUI Basic & Specified Requirements. Document the security control assessment to determine your current conformity, gaps, and non-conformities for each control/ practice and each assessment objective. RM.L2-3.11/CA.L2-3.12

Top CMMC Expert Regan Edens DTCglobal.us

Plan of Action & Milestones

Turn your risks, non-conformities  and gaps into tasks on your plan of action and milestones (POA&M), which is your “To do” list managed across each impacted area in the company. The POA&M is the single point of failure for most companies.  Our CMMC ePU documentation is integrated into a special version of FutureFeed, which allows you to manage each task, progress, and deliverable across all your stakeholders.  From requirements to tasks,  tasks to people, people to activities, activities to deliverables, deliverables to budgets. CA.L2-3.12.2

Top CMMC Expert Regan Edens  DTCglobal.us

System Security Plan

The most important document as evidence you will produce on your path to compliance. NIST calls for “overwhelming evidence” of compliance and DoD and CMMC assessors enforce this expectation with rigor. DoD cites two major sources for failure… Failure to understand the requirements and failure to provide satisfactory evidence of compliance.

Do not make the mistake of investing 12-24 months of effort and thousands of dollars to “think” you’re right and place 30% or more of your revenue at risk. CA.L2-3.1.3

CMMC @ReganEdens CMMC Expert Dtcglobal.usWARNING- DoD is conducting 5 Day Notice Audits

 

  • Have you conducted your REQUIRED Basic Self-Assessment?
  • Have you reported your SPRS Score?
  • Do you have substantial evidence to support your score?

DFARS 7020 says, ” Requirement. In order to be considered for award, if the Offeror is required to implement NIST SP 800-171, the Offeror shall have a current assessment (i.e., not more than 3 years old unless a lesser time is specified in the solicitation) for each covered contractor information system that is relevant to the offer, contract, task order, or delivery order.

  • Many large prime contractors are enforcing minimum SPRS scores.
  • DoD analysis from the SPRS audits stated SIGNIFICANT finding based on a failure to understand requirements and lack of sufficient evidence.
Top CMMC Expert Regan Edens  DTCglobal.us

DFARS 7012 and CMMC Requirements are:

• HIGHLY COMPLEX and DEMAND SIGNIFICANT EVIDENCE

• DISRUPTIVE and COSTLY

• CONFUSING and AMBIGUOUS

DTC Global provides:

SPECIALIZED EXPERIENCE and “OVERWHELMING” EVIDENCE
• IMPLEMENTATION GUIDANCE AND AN EFFICIENT PATH TO CERTIFY
• CLARITY and CERTAINTY

DIY to INTENSIVE SUPPORT
• CMMP ePU – KNOW-DO-CERTIFY

CMMC Regan Edens DTCglobal.us.us

Introduction To CUI Fundamentals – Regan Edens

What you need to know about meeting Controlled Unclassified Information security requirements. This introductory video provides a first step in understanding the depth and breadth of complexity of CUI requirements for authorized holders within the defense industrial base (DIB) which is critical when executing contracts that contain or are subject to the DFARS contract clause 252.204.7012.

BEGIN YOUR PATH TO COMPLIANCE NOW

Our

Partners

Regan Edens, DTC Global #CUISupply #compliance #security #dfars7012 #CUI #mediamarking #governmentcontractors #NIST800 #governmentagency #CUIRegistry

Blog

Transforming an organization is one of the hardest, most thankless challenges any leader can undertake. The DTC Global blog can help break it down what you need to know about compliance into smaller, easier to digest components. 

Digital Transformation Daily

Today’s Cyber & Technology Headlines. Stay on top of what’s going on the CMMC ecosystem with up to the minute articles that can help you transform and accelerate your organizational maturity compliance. 

Additional Resources

There are significant risk factors shaping the CMMC Frame-work within the defense industrial and manufacturing base. Here are links to resources and other information you need. 

Contact Us Today!

Office

Dallas, TX 

Call Us

817-796-6838

Process design and implementation that are unambiguously compliant.