Cybersecurity Maturity Model Certification (CMMC):
Cybersecurity Maturity Model Certification (CMMC):
Malicious cyber actors have targeted, and continue to target, the Defense Industrial Base (DIB) sector and the supply chain of the Department of Defense (DoD). The DIB sector supports the warfighter and contributes toward the research, engineering, development, acquisition, production, delivery, sustainment, and operations of DoD systems, networks, installations, capabilities, and services. The aggregate loss of intellectual property and certain unclassified information from the DoD supply chain undercuts U.S. technical advantages and innovation as well as significantly increases risk to national security.
The DoD is working with industry to enhance the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). As a part of this initiative, the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) has developed the Cybersecurity Maturity Model Certification (CMMC) framework in concert with DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDCs), and the DIB sector. (Cybersecurity Maturity Model Certification Model Overview Version 2.0 December 2021)
Bayside Networks’ CMMC Support to Defense Industrial Base (DIB) Contractors:
We are committed to supporting our DIB clients with a collaborative effort in implementing, maintaining, and complying with mandated CMMC requirements. We accomplish this by:
-
Assessing: Conducting an in-depth analysis of information technology (IT) systems and procedures to identify vulnerabilities
-
Remediation: Consulting and developing remediations of those vulnerabilities
-
Monitoring: Assisting in finding a Security Operations Center (SOC) Team to meet our client’s needs with continuous monitoring of IT systems. Providing backup assistance to the SOC
Our goal is to ensure our clients achieve success in developing their cybersecurity programs to meet their level of CMMC requirements in compliance with DoD directives.
Department of Defense CMMC Guidance
Supplier Performance Risk System (SPRS) Access for NIST SP 800-171
-
What is malware?Malware is a type of cyber threat and is a catch all term for dangerous software programs that can harm or steal your data, or even damage the software configuration of your computer systems. Malware programs become resident in a wide range of methods and they almost always have some type of nefarious purpose. The purpose of any particular piece of malware is normally referred to as the “payload”; like the warhead on a missile. Typical malware payloads include: - ransomware - enablement of remote access to your systems or data by a hostile party - data theft tools designed to allow identity theft of individual persons, customers or employee related data that may reside on your systems. Some forms of Malware depend on users to unwittingly open an infected e-mail attachment, others may enter your system by way of a security weakness in your system from an infected website that you might visit. Even very popular websites such as the DrudgeReport.com have been infected with and acted as a distribution point for spyware in the past. Often a site’s owner is unaware his site has been compromised and is being used to distribute malware.
-
How can I avoid getting malware?There is no “complete solution” on how to avoid malware but here are few basic tips that will help you avoid most of it: Know what devices are accessing your data. If you don't maintain a current inventory of your systems, it is difficult to assure they are all adequately protected against threats such as malware. > Bayside Networks offers a free of cost automated inventory system using a product known as Atera that solves this issue for all our clients Run current anti-virus software on all your PC's and make sure automatic security are setup to automatically download and install on your workstations (Windows Updates, Acrobat Updates, and Java Updates). These two simple steps can help avoid most (but not all) Malware infections in the first place. > High quality anti virus software should cost in the range of about $40/yr device or a little less. Bayside Networks normally recommends Microsoft Defender or Webroot for our clients. > If you use multiple computers (just about every business does), malware detection events should be reported to a centralized console that is professionally monitored. Bayside Networks offers this type of monitoring for anti-malware solutions that we recommend. Never open email attachments that don’t “look right” to you. Never open any attachment from a person or company that you do not know. Also, if an email looks odd to you, even from someone that you do know, call that person and ask if they sent it to you. Never agree to install anything from a pop-up message on the Internet –unless it is from a trusted site, for a program that you know you wish to install. Use an Internet access filtration service at your home or office, cloud based filtration services are best. Check out www.opendns.com for one possible option, especially the free level of their service. Google the terms “how to avoid malware” and become an expert!
-
What are some of the problems that Malware can cause?Stability problems with your computer, such as: loss of internet access, system freeze ups, partial or complete data loss, or other types of malfunctions Potential for your data to be accessed by an unauthorized outside party An potentially set you up as a distribution point for spam, such that your office gets “tagged” as a spammer, possibly jeopardizing the stability of your Internet connection.
-
How do I get rid of Malware it if I have it?First, give us a call here at Bayside Networks. We can always provide some initial advice on how to address your particular support need at no cost. Malware can be difficult to remove but there are a wide range of specialized removal tools along with an active “community” on the Internet that helps research and document removal methods for each type of Malware as it comes out. Here are a few facts and caveats about Malware removal: New Malware comes out all the time and there is often a period of time where the exact steps necessary to remove a new piece of Malware are unknown. We can sometimes still remove new Malware using basic removal steps that are rather universal in nature but it can be an inexact and time consuming process. Some Malware is designed to present an initial impression that it has been removed successfully, only to return after a period of time – sometimes several days. Some Malware damages the software programming on a computer to an extent that a machine may need to be reloaded. Reloading a machine is a time consuming, expensive and disruptive process. A full reload normally involves: Blanking out your computer’s storage space Reloading your operating system and programs All told, the above can take several hours to complete, potentially costing more than it would cost to replace your computer!