.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Subcontractor Survival: Meeting Prime Contractor CMMC Requirements
by William DePalma on April 17, 2025 at 1:53 PM
The cybersecurity landscape for the defense industrial base (DIB) has shifted. With the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 moving swiftly toward full enforcement, subcontractors are finding themselves under growing pressure — not only f …
CJIS Security Policy v6.0 – Key Updates You Need to Know
by Kelly O’Brien on February 10, 2025 at 2:15 PM
The Criminal Justice Information Services (CJIS) Security Policy v6.0, released on December 27, 2024, introduces significant modernization efforts aimed at enhancing security, compliance, and risk management in handling Criminal Justice Information (CJI). As technology and cyber threa …
Understanding DoD Impact Levels for Cloud Security
by Jake Dwares on January 15, 2025 at 12:59 PM
The security of information is a cornerstone of the Department of Defense's (DoD) operations. To safeguard sensitive data, the DoD has developed Impact Levels (ILs), a framework that categorizes information systems based on their sensitivity and the potential impact of a compromise. T …
New CJIS Requirements: What You Need to Know
by Kelly O’Brien on March 20, 2024 at 2:45 PM
In a recent Compass IT Compliance blog, we delved into the fundamentals of the Criminal Justice Information Services (CJIS) Security Policy (CSP), its applicability, and the criticality of CJIS Compliance, terminology, and the thirteen policy areas applicable at the time of that writi …
NIST Cybersecurity Framework 2.0 – Key Takeaways
by Derek Boczenowski on March 7, 2024 at 1:30 PM
Last week, the National Institute of Standards and Technology (NIST) unveiled the second version of its Cybersecurity Framework (CSF), marking the first major new updates to NIST CSF since the framework's inception ten years ago. Initiated by Executive Order 13636, the development of …
The SEC Cybersecurity Rules Are Now Effective – What You Need to Know
by William DePalma on January 24, 2024 at 1:00 PM
During the final week of July 2023, the U.S. Securities and Exchange Commission (SEC) unveiled new regulations focused on the reporting of cybersecurity events. This development coincides with a period marked by unprecedented levels of cyberattacks and their associated financial reper …