Free Cybersecurity Educational Resources Available to the General Public
TL;DR: CMMC for multiple CAGE Codes: Can a company file one SSP in the DoD’s SPRS that covers multiple subsidiary CAGE Codes? The answer depends on the degree of vertical IT integration. “One SSP for All” doesn’t work when mergers & acquisitions fuel growth and vertical IT system integration lags. KLC Consulting finds compliance efficiency …
Top Cybersecurity Threats Defense Contractors Face in 2023 By Kyle LaiPresident and CISO, KLC Consulting Introduction Companies that sell to the U.S. Department of Defense are working to improve their cybersecurity posture in anticipation of CMMC requirements. With final DoD CMMC rulemaking expected in 2Q 2023 (1). CMMC clauses will begin to appear in DoD …
The Top 6 Cybersecurity Battles Defense Contractors Face in 2023 Read More »
These common missteps and misconceptions may be keeping your vulnerability management from being the best it can be. Multiple breaches, including the massive 2017 data breach at the credit reporting agency Equifax, have been traced back to unpatched vulnerabilities—a 2019 Tripwire study found that 27% of all breaches were caused by unpatched vulnerabilities, while a …
Vulnerability management mistakes CISOs still make Read More »
KLC Consulting’s president, Kyle Lai, recently shared his insights in CSO Magazine about the 10 most common pitfalls CISO’s make when trying to keep their vulnerability management up to snuff. The number of unpatched vulnerabilities identified have risen anywhere from 27% to 60% over the past several years. This comes as no surprise to cyber …
10 Mistakes CISO’s Make in Vulnerability Management Read More »
DOD: Failure to implement NIST 800-171 may be a material breach The Department of Defense, (DoD), takes the protection of controlled unclassified information, (CUI), on contractor information systems seriously. On June 16, 2022, the DOD warned that failure to comply with DFARS 7012 and 7020 (submission to SPRS), may result in contract termination by your contract officers. Contractors …
Kyle Lai, President and CISO of KLC Consulting, was thrilled to be interviewed along with Carter Schoenberg, VP of Cybersecurity at SoundWay Consulting, on the cuicktrac podcast to discuss the common CMMC 2.0 Scenarios and key strategies for organizations seeking CMMC certification. powered by Sounder Thanks to Derek White, Co-Founder and Director at cuicktrac for …
This 1m video features Kyle Lai explaining the differences between these DFARS clauses for DoD Prime and Subcontractors DFARS Clauses applicable to DoD Defense Industrial Base Companies U.S. DoD cybersecurity expert Kyle Lai presents this DoD DFARS Clauses Explained video. Some people are confused about the requirements of DFARS 252.204-7012, 7020, and 7021. Or cybersecurity …
This 2m video features Kyle Lai explaining DFARS flow down requirements for DoD Prime and Subcontractors DFARS Flow Down Requirements Video (Continued) Recent questions about Flow Down Requirements Let’s discuss a couple of questions related to the flow-down requirements for DFARS 252.204-7012, 7020, and 7021. Or cybersecurity maturity model certification, or CMMC. First question: Flow …
KLC Consulting keeps you up-to-date with what’s happening on the front lines of CMMC and NIST 800-171 in our role as a CMMC-AB cleared candidate C3PAO. CISA Issues “Shields-Up Alert” CISA (Cybersecurity & Infrastructure Security Agency) issued a Shields-Up cybersecurity alert to all Defense Industrial Base (DIB) companies in response to increasing cyber threats from …
Kyle LaiPresident and CISOKLC Consulting, Inc.CISSP, CSSLP, CISA, CDPSE, CIPP/US, CIPP/G, ISO 27001 Lead Auditor CMMC with Microsoft Azure discussion points: I still receive questions about which versions of (Microsoft) Azure support CMMC, NIST 800-171, and DFARS 252.204-7012: In short – it depends: Federal Contract Information (FCI): Requires CMMC Level 1 – Azure Commercial meets …
