Compass IT Compliance Blog / Government

Subcontractor Survival: Meeting Prime Contractor CMMC Requirements

CMMC Factory

The cybersecurity landscape for the defense industrial base (DIB) has shifted. With the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 moving swiftly toward full enforcement, subcontractors are finding themselves under growing pressure — not only f …

Read Story

CJIS Security Policy v6.0 – Key Updates You Need to Know

Criminal Justice Information Services (CJIS) Security Policy v6.0

The Criminal Justice Information Services (CJIS) Security Policy v6.0, released on December 27, 2024, introduces significant modernization efforts aimed at enhancing security, compliance, and risk management in handling Criminal Justice Information (CJI). As technology and cyber threa …

Read Story

Understanding DoD Impact Levels for Cloud Security

DoD Impact Levels

The security of information is a cornerstone of the Department of Defense's (DoD) operations. To safeguard sensitive data, the DoD has developed Impact Levels (ILs), a framework that categorizes information systems based on their sensitivity and the potential impact of a compromise. T …

Read Story

New CJIS Requirements: What You Need to Know

CJIS Updates

In a recent Compass IT Compliance blog, we delved into the fundamentals of the Criminal Justice Information Services (CJIS) Security Policy (CSP), its applicability, and the criticality of CJIS Compliance, terminology, and the thirteen policy areas applicable at the time of that writi …

Read Story

NIST Cybersecurity Framework 2.0 – Key Takeaways

United States Department of Commerce

Last week, the National Institute of Standards and Technology (NIST) unveiled the second version of its Cybersecurity Framework (CSF), marking the first major new updates to NIST CSF since the framework's inception ten years ago. Initiated by Executive Order 13636, the development of …

Read Story

The SEC Cybersecurity Rules Are Now Effective – What You Need to Know

Stock Market

During the final week of July 2023, the U.S. Securities and Exchange Commission (SEC) unveiled new regulations focused on the reporting of cybersecurity events. This development coincides with a period marked by unprecedented levels of cyberattacks and their associated financial reper …

Read Story

Subscribe by email