Category: News

Top Considerations When Buying New IT Equipment

new IT equipment

Investing in new IT equipment is a smart move for any business that wants to stay competitive and efficient. However, choosing the right equipment can be a daunting task, especially for small and medium-sized businesses that may not have dedicated IT staff. In this article, we’ll explore some key factors to consider when selecting IT equipment for your business, and share some best practices for managing and maintaining your IT investment.

Why is upgrading IT equipment important for your business?

Before we dive into the specifics of selecting IT equipment, let’s take a step back and look at why upgrading your equipment is important in the first place. Here are some of the main benefits of investing in new IT equipment:

  1. Increased productivity: Newer equipment typically offers faster processing speeds and better performance, which can help your employees get more work done in less time.
  2. Enhanced security: Older equipment may lack the latest security features, leaving your business vulnerable to cyber threats. Upgrading to newer equipment can help you stay protected against modern threats.
  3. Improved efficiency: Newer equipment often has better energy efficiency, reducing your electricity bills and helping the environment.
  4. Competitive advantage: Upgrading your IT equipment can give you a competitive edge by enabling you to offer better products or services, or by making your business more agile and responsive.

Factors to consider when selecting IT equipment

Now that you know why upgrading your IT equipment is important, let’s take a look at key factors to consider when selecting it:

  1. Compatibility: Make sure that the new equipment you are considering is compatible with your existing IT infrastructure, including software, network, and peripherals. You don’t want to invest, only to find out that it doesn’t work with your existing systems.
  2. Scalability: Consider whether the new equipment can grow with your business. You don’t want to invest in anything that will be outdated in a year or two.
  3. User-friendliness: Look for ease of use. Your employees should be able to operate it without extensive training.
  4. Total cost of ownership: Consider the total cost of owning and maintaining the equipment over its lifetime, including maintenance costs, repair costs, and energy costs.
  5. Warranty and support: Look for equipment that comes with a comprehensive warranty and technical support. You want to make sure that you can get help if something goes wrong.

Best practices for managing and maintaining IT equipment

Once you’ve selected your IT equipment, it’s important to take good care of it to ensure that it lasts as long as possible and performs at its best. Here are some best practices for managing and maintaining your IT equipment:

  1. Keep your equipment clean: Regularly clean to remove dust and debris that can clog vents and cause overheating. Use a soft cloth and a gentle cleaner to avoid scratching the equipment.
  2. Update your software: Keep your operating system, applications, and security software up-to-date to ensure that you have the latest features and protection.
  3. Back up your data: Regularly back up your data to prevent loss in case of failure or a cyber attack.
  4. Monitor your equipment: Keep an eye on your equipment’s performance and check for any signs of malfunction or degradation. Address any issues promptly to prevent further damage.
  5. Schedule regular maintenance: Schedule regular maintenance, such as cleaning, updates, and hardware checks. This can help prevent problems before they occur and extend the life of your new technology investment.

Investing in new IT equipment can provide significant benefits for your business, but it’s important to choose the right technology and take good care of it. By considering the factors and best practices previously outlined, you can make informed decisions and get the most out of your IT investment. Additionally, working with a trusted IT provider can help simplify the process of selecting and managing IT equipment. They can help you assess your needs, recommend the right software/hardware, and provide ongoing support and maintenance.

At Back to Business I.T., we understand the importance of having reliable and efficient IT equipment for your business.

Our team of experienced professionals can help you select the right equipment, manage and maintain it, and provide technical support whenever you need it (even nights and weekends). We’re dedicated to helping your business stay competitive, efficient, and secure. Contact us today for a quote or assessment!

Department of Defense prepares rollout of national cybersecurity standards

DoD cybersecurity standards

By Tyler Greenwood, Vice President of Back To Business I.T. (originally published in the Dayton Business Journal)

Cyber incidents like the SolarWinds attack in 2019 and the Colonial Pipeline ransomware attack in 2021 have the U.S. Department of Defense (DoD) taking urgent action to strengthen national cybersecurity regulations.

report released last November found most prime contractors (and their subcontractors) hired by the DoD in the last five years failed to meet minimum cybersecurity standards, putting U.S. national security at risk. Security gaps in the federal supply chain have been well known for years, but attempts to fix them have failed.

Enter: CMMC

In response to heightened security risks, the DoD introduced Cybersecurity Maturity Model Certification (CMMC) program. Its goal is to ensure any company involved in the federal supply chain is protecting controlled unclassified information.

Under CMMC guidelines, more than 300,000 contractors must meet 110 NIST SP 800-171 controls, which the government sees as a reasonable cyber risk management approach. In addition, 80,000 of these organizations must complete a third-party assessment and certification to continue bidding on defense contracts.

When will CMMC certification be required?

The DoD is expected to release a final rule on CMMC framework by March 2023, which means contractors could start seeing requirements in RFPs/RFIs as early as May.

If your business is one of the 80,000 contractors that requires an outside assessment and certification, you may have less than a few months to do so. Failure to achieve compliance before the published rule could mean leaving money on the table and losing the ability to do business with the Department of Defense.

Getting started

If your company is still in the beginning stages of CMMC compliance, the time to act is now. Preparation and implementation of the following requirements can take upwards of 18 months. To get started on compliance, contractors should immediately:

  • Work toward meeting the 110 controls in NIST SP 800-171.
  • Identify their Supplier Performance Risk System (SPRS) score.
  • Create a system security plan (SSP).
  • Document plans of action and milestones (POA&M) to demonstrate how you intend to close any gaps for controls not yet met.

Next steps

If your organization has already started on CMMC compliance, consider conducting a preliminary self-assessment to see if you satisfy requirements. This can provide a range of helpful information to ensure you have everything functioning as expected once you’re ready to formally self-attest or go for your official certification.

If your business wants consultative guidance, including assistance walking you through standards you didn’t meet, explaining why, and offering suggestions on closing those gaps, you might find it beneficial to work with a CMMC Registered Provider Organization (RPO), such as Back To Business I.T.

As a full-service I.T. firm and the region’s leading CMMC-AB RPO, Back To Business I.T. can help you achieve NIST SP 800-171 compliance as well as help you prepare your plan of action and milestones (POA&M) and system security plan (SSP) required for CMMC certification. Learn more at www.backtobusinessit.com/cmmc-readiness.

Ransomware 3.0 | Cyber Risks in IoT Devices

news from microsoft

Ransomware 3.0

Ransomware attacks continue to get worse. They have now expanded to extort not just the companies, but also contractors and customers, in a “Triple Threat”. In addition to encrypting a victim company’s data, they will also exfiltrate, or download, copies of company data and emails. They will ask for one ransom to decrypt the computers, a second ransom to not make the stolen data public, and then the newest ransom attack. They reach out and present the data to customers, contractors, and business partners and demand a ransom from them in order to not have the data published. With phishing emails still being the number one attack vector for ransomware, be sure you have sufficient protection for your company. A combination of quality user education, phishing exercises and awareness campaigns, and system endpoint protections provides an in depth defense to this constantly evolving threat.

What does this mean for your business?

Back To Business I.T. has you covered. Our cybersecurity training programs are customized to meet the needs of your workforce and are designed to create a “human firewall” inside of your business. Building upon that, we offer state-of-the-art intrusion detection systems to stay one step ahead of cybercriminals. Don’t become a cyber statistic. Contact our team today and get Back To Business.

LinkedIn breach could mean your information was exposed

Just when you thought you had seen it all, think again! LinkedIn is the latest victim of phishing attacks. According to USA Today, firms are stating that cyber attackers are now posing as “boring, authentic, cubicle-office dwellers.” On top of these reported phishing attempts, CyberNews reports that the cyber attackers have also scraped data from 500 million LinkedIn accounts. The information leaked includes LinkedIn IDs, full names, email addresses, phone numbers, and various other sensitive information. Due to the leak of information, customers may be susceptible to increased email and text spamming or phishing.

What does this mean for your business?

Tighten up your security measures, and encourage your employees to do the same. Be conscious of strangers requesting to follow your LinkedIn profile. Consider changing your password periodically. Enable two-factor authentication for your account if possible. This additional layer of security serves as another barrier between your information and bad actors on the internet.

Manufacturing systems and IoT devices present high risk

IOT and other embedded manufacturing systems can present a high risk to your data and operations if not properly secured. Basic security steps can greatly improve your overall risk posture. From doorbells and cameras to CNCs and additive manufacturing systems, there are simple steps you can take to reduce the risk and exposure of the business side of your operations.

What does this mean for your business?

Your network is unique, and your security measures should be too. Your manufacturing systems and devices should be protected using industry best practices. Preventative steps such as changing default passwords, keeping your systems properly patched, and separating crucial systems from the rest of your network can make the difference between a few minutes of down time, and your entire operations coming to a halt. Our team is experienced in manufacturing environments, and passionate about our clients’ security. Contact us today to learn what we can do for your operations.

Microsoft announces 24 new issues posing cybersecurity threats

Microsoft announced the discovery of 24 issues in a wide range of IoT and OT devices. These issues allow malicious individuals to execute code on or crash your devices. This affects a wide range if industrial, medical, and enterprise devices. It is vital to your security to have an active inventory of the assets on your network, monitor them for vulnerabilities, and patch them regularly.

What does this mean for your business?

Our team of experts stands ready to help your organization take care of risks inside your network that you might not know are there. Cyberattacks are at an all-time high…and getting worse every day. We are here to help!

Cybersecurity risks continue to evolve, and so do our tools to fight them. We are passionate about protecting small businesses, and stay up to date on technology and cybersecurity best practices. Contact us today and let us show you how our cybersecurity services can help your business stay safe in an uncertain world.

Call us at 937-490-5600 or Contact Us to learn more or get started.

Common Sense and Cybersecurity

Common sense and cybersecurity

Earlier this month, Colonial Pipeline’s operations came to a halt after a ransomware attack orchestrated by DarkSide, an Eastern European cybercriminal organization. It took several days after the May 7 attack for the company to begin restarting parts of their systems as well as the mainlines. The effects were widespread and felt by most of us – gas prices at the pump fluctuated almost immediately.

As a society, we are becoming increasingly desensitized to news like this. Cyberattacks happen so often, it seems, that it’s hardly news. So why is it that so many businesses still don’t take cybersecurity seriously? There’s a shroud of mystery surrounding cyber – the media portrays hackers as hooded criminals lurking in a dark room. And while cybercrime methods change constantly, there are measures companies and individuals can take to protect their data. Those steps aren’t mysterious; they’re not hidden. Maybe they’re so simple – so rooted in common sense – that it’s easy to overlook them, and dismiss their importance.

 “The problem with common sense is that it is not so common.”

Maybe it’s easy to dismiss simple ways to implement cybersecurity because “well, everyone knows to do that.” The truth is maybe not everyone knows. Maybe “common sense” isn’t as common as we would like to think. For example – do you lock your doors when you’re not home? Chances are you do. It’s one of the most basic things to prevent entry and protect what’s inside. One of the easiest ways to protect your business data is to password protect your computer systems. This most rudimentary of security measures, which costs nothing to implement is still not being used by many businesses.

Along the lines of common sense, let’s revisit the events following the Colonial breach. Gas prices increased, media coverage heightened awareness of a potential (temporary) shortage. Some people took to the pumps to fill up before it got worse. Others took more drastic measures, filling up plastic bags with gasoline. Common sense would tell (most of) us it’s a bad idea to fill a plastic bag with gasoline, but the truth is not everyone has the same thought process and the same information. So much so that the US Consumer Product Safety Commission announced on social media that it was, in fact, a bad idea to fill plastic bags with gasoline.

This is an extreme case, most of us probably understand why it’s not a good idea to fill a bag with gasoline. But many businesses are doing the cybersecurity-equivalent of this, likely without realizing it. For example, if your company has data on computers that aren’t password-protected, or even protected by passwords such as “password1234” – that’s a potentially disastrous situation.

Cybersecurity: Start with common sense

Cybersecurity for your business doesn’t have to be complicated, unattainable, and cost-prohibitive. It would be irresponsible for us to reduce cybersecurity to just password-protecting your computers – but the truth is that you can start with simple steps like that. The password illustration is easy to understand but is by no means the gold standard as far as security measures go. Using common sense – perhaps the best of the senses – can help jumpstart your cyber approach. Your business technology is unique; your cybersecurity strategy should be unique, too. We can start where you are – whether that is as simple as password-protecting your systems or as complicated as monitoring network traffic for anomalies. Every business that uses technology in some way is vulnerable to cyberattacks, from pipelines to pop-up boutiques. Don’t wait until something disruptive brings your operations to a halt. Let’s start today.

Contact our team to talk about cybersecurity solutions for your business, from the tried-and-true to the cutting edge.

Protect Your Identity and Learn About BEC Scams

BEC scams

Today is the first annual Identity Management Day! We join the National Cybersecurity Alliance and the Identity Defined Security Alliance to raise awareness and share resources for identity protection.

Protecting our data and promoting privacy is becoming more important to the wellness and security of our lives both professionally and personally – and not just on Identity Management Day. Cybercriminals are continually evolving their strategy and tactics to compromise their targets; it is paramount that end users stay aware of the dangers that lurk beyond the firewall.

One of the most common threats seen today are “Business Email Compromise” scams – or BECs. These involve criminals impersonating key organizational staff or vendors – perhaps an executive, HR, or other members of leadership – with the end goal being the fraudulent transfer of money.

The most common type of BEC scam is invoice or payment fraud. 

  • 65% of organizations faced BEC attacks in 2020.
  •  In 2020, BEC costs increased rapidly, from $54,000 in Q1 2020 to $80,183 in Q2.
  • In 2020, 80% of firms experienced an increase in cyberattacks.
  • 62% of BEC scams involve the cybercriminal asking for gift or money cards.
  • Payment/invoice/billing scams skyrocketed by 155% in 2020.

Don’t become a cyber statistic! Read on for tips on how to recognize (and avoid) these increasingly popular email scams.

Be Skeptical

If it seems strange, investigate. Last minute changes in instructions or recipient account information is a red flag that something could be wrong. Trust your gut.

Don’t Click it

Verify information related to any contacts associated with the request. If it is a vendor requesting something, do not contact them through information provided in email – use trusted information on file. If you get a strange request from someone you work with, call them on their known phone number. A quick call can save a big headache!

Double Check that URL

If there is a URL in the email, make sure it’s associated with the business it claims to be from. Discrepancies are a likely indicator that hostile actors may be involved.

Spelling Counts

Make sure to check for misspellings in domain names. Cybercriminals will often exploit similar names, hoping that the recipient will only glance at it and not realize it is different. Writing style will also be very simple and brief with little information added.

Look for Other Clues

Does it seem strange that the CEO is contacting you personally, via email, with an urgent request? Is a manager, with whom you just had a meeting, asking you to send money? Are you receiving invoices from clients that you aren’t responsible for? All of these are common tactics that are used that can be caught by paying attention to oddities.

See Something? Say Something!

If something looks suspicious, report it to your I.T. department or your MSP! If you’ve been of victim of a BEC scam, file a detailed complaint with www.ic3.gov.

Want to learn more about how to protect yourself and your business from cybercriminals?

Back To Business I.T. specializes in creating and managing secure I.T. environments and has the tools and experience to provide proactive, customized cybersecurity training for businesses of all sizes. Don’t become a cyber-statistic! Get in touch today and let us help you take steps to ensuring your cyber safety.

Back To Business I.T. to Participate in First-Ever Identity Management Day

Identity Management Day

Identity Management Day, founded by the Identity Defined Security Alliance, aims to educate and engage business leaders and I.T. decision makers on the intersection of identity management and security.

 

Beavercreek, OH — Back To Business I.T. today announced that it will participate in the first ever ‘Identity Management Day,’ an annual awareness event that will take place on the second Tuesday in April each year. The inaugural Identity Management Day will be held on April 13, 2021.

Founded by the Identity Defined Security Alliance (IDSA), the mission of Identity Management Day is to educate business leaders and IT decision makers on the importance of identity management and key components including governance, identity-centric security best practices, processes, and technology, with a special focus on the dangers of not properly securing identities and access credentials.

In addition, the National Cyber Security Alliance (NCSA) will provide guidance for consumers, to ensure that their online identities are protected through security awareness, best practices, and readily-available technologies.

To support this exciting initiative as a champion, Back To Business I.T. will be sharing information about ways to safeguard your identity online as well as resources available to individuals and organizations.

“Raising awareness around identity management is especially critical after a barrage of identity-based breaches made headlines in the past year, including Twitter, Marriott, and Nintendo. In fact, research by the IDSA reveals that 79% of organizations have experienced an identity-related security breach in the last two years, and 99% believe their identity-related breaches were preventable,” said Julie Smith, Executive Director of the IDSA.

Smith continued, “Compounding this, the ongoing pandemic has accelerated digital transformation initiatives that support changes in how we work and how we live day-to-day, putting organizations at greater risk. Our hope is that Identity Management Day will result in higher prioritization of identity security and, as a result, fewer data breaches in 2021 and beyond. We are grateful for all of the support from IDSA and NCSA member companies and the broader industry to further this mission.”

“Identity-related cybercrimes are nothing new, but the methods that hostile actors are using have changed tremendously,” said Tyler Greenwood, Vice President of Back To Business I.T. “Phishing and identity spoofing are tactics that cybercriminals are using to get people to give up information that’s then used to compromise systems. It’s happening everywhere and unfortunately many people and businesses aren’t taking proper precautions and are paying the price.”

“Identity management isn’t just about passwords anymore”, Tyler added, “It’s about people. Making sure users are trained to recognize maleficence is potentially the most critical factor keeping their identity and credentials safe.”

Back To Business I.T. offers customizable managed services designed to improve your business operations. Whether you have straightforward technology requirements or complex technical needs, Back To Business I.T. offers a full suite of managed services and solutions that can bring value to your operations and solve your technology challenges. One of our most popular services – Security Awareness Training – offers custom-built company-specific campaigns to train employees on cybersecurity risks. We craft and deploy simulated phishing campaigns to test employee awareness and provide resources to strengthen their understanding and increase cyber resiliency.

About the Identity Defined Security Alliance

The IDSA is a group of identity and security vendors, solution providers, and practitioners that acts as an independent source of thought leadership, expertise, and practical guidance on identity centric approaches to security for technology professionals. The IDSA is a nonprofit that facilitates community collaboration to help organizations reduce risk by providing education, best practices, and resources.

To learn more about and get involved in Identity Management Day 2021, please visit www.identitymanagementday.org and check out #IDMgmtDay on Twitter and LinkedIn.

Follow the IDSA

Join the Community: https://forum.idsalliance.org/

Twitter: www.twitter.com/idsalliance

LinkedIn: www.linkedin.com/company/identity-defined-security-alliance/

Blog: https://www.idsalliance.org/blog/

Follow Back To Business I.T.

Facebook: https://www.facebook.com/BacktoBusinessIT/

Twitter: https://twitter.com/Back2BusinessIT

Instagram: https://www.instagram.com/backtobusinessit/

LinkedIn: https://www.linkedin.com/company/back-to-business-it

YouTube: https://www.youtube.com/user/BacktoBusinessIT

What is a CMMC RPO?

CMMC rpo

Throughout 2020, the U.S. Department of Defense released details surrounding the Cybersecurity Maturity Model Certification (CMMC) requirements for companies in the defense industrial base (DIB). These new consolidated cybersecurity requirements are driving suppliers and contractors to dedicate time, money, and other resources to strengthen their cybersecurity strategy to meet compliance. Depending on the company’s existing cybersecurity posture, some will have much more work to do than others, and they will all need professional guidance.

It’s no surprise that the market has been recently flooded with consulting firms claiming to be experts in CMMC compliance requirements. Keep in mind that not all third-party consultancies are created equal. As a small business, we understand how important it is to properly vet vendors, and make sure you’re getting the most out of every dollar you assign to projects like these.

The CMMC Accreditation Body (CMMC-AB) has introduced five certifications and authorizations to differentiate entities offering CMMC compliance services. These are:

  • Certified Third-Party Assessor Organizations (C3PAO)
  • Registered Provider Organizations (RPO)
  • Registered Practitioners (RP)
  • Certified Professionals (CP)
  • Certified Assessors (CA)

We’re happy to provide some details regarding the RPO authorization, and what is involved.

RPOs like The Greentree Group are authorized by the CMMC AB to provide consulting services to government contractors and other companies in preparation for their CMMC assessments. We can also assist during these assessments if there is a finding that will prevent you from attaining your desired CMMC maturity level. However, we do not conduct certification assessments, and we do not grant certified status. Only C3PAOs are equipped to conduct these certification assessments. As an RPO, we are here to provide CMMC guidance and support to companies impacted by these new regulations. It’s important to remember that C3PAOs cannot provide guidance unless they’re also certified as an RPO – and even then, they cannot offer the same services (assessment + guidance) to the same company.

WHAT GOES INTO BECOMING AN RPO

A company must do the following to become certified as a CMMC RPO:

  1. Be an entity owned by a “US person”.
  2. Be registered with the CMMC-AB in order to receive authorization to use the official logo distributed by the CMMC-AB.
  3. Sign an RPO agreement, reflecting a commitment to comply with the CMMC-AB Code of Professional Conduct.
  4. Clear an organizational background check.
  5. Have at least one Registered Practitioner (RP) on their team. An RP is specially trained and authorized by the CMMC-AB to deliver “non-certified advisory services informed by basic training on the CMMC standard” at all times.
  6. Pay an annual registration fee.

These requirements put in place by the CMMC-AB are helpful for companies seeking certification because they provide a measure of legitimacy. As with any new regulations or rules, there will be many companies claiming to be experts in the field, and competing for your business. By selecting a company that has attained its RPO authorization, businesses can be confident that their choice is well suited for the job and committed to CMMC standards.

CHOOSING THE RIGHT CMMC RPO FOR YOUR COMPANY

RPO authorization is an important consideration when choosing a provider- but there are other things you should keep in mind. Other important questions you may want to ask –

  • How much experience does the RPO have in cybersecurity and maintaining compliance in highly regulated spaces?
    • The Greentree Group has supported both DoD programs and DIB clients with obtaining and maintaining required cybersecurity compliance for over a decade
  • Do they have experience with other frameworks such as CIS CSC, NIST SP 800-53, NIST SP 800-171, and ISO 27001?
    • Greentree has cybersecurity experts for the cybersecurity framework you require
  • How knowledgeable are they about the defense contracting environment?
    • Greentree’s cybersecurity team has a combined 50+ years of defense contracting experience
  • How many years have they been in business? Are they well-established?
    • The Greentree Group has been in business for 26 years with an established reputation for excellence in customer support
  • How easy is it for the provider to scale efforts appropriate to your business?
    • We support clients of all different sizes and architectures, as your business grows our support for your cybersecurity needs can grow with you

Note: Back To Business I.T. is a service brand of The Greentree Group.

WHY IS THE RPO AUTHORIZATION IMPORTANT FOR YOUR BUSINESS?

The new CMMC-AB authorization process for RPOs is an effective way for companies to sift through the increasing chatter in the CMMC consultancy space. The RPO certification signals that a consulting firm is invested in the CMMC space, and has committed to cybersecurity best practices. By visiting the CMMC marketplace, companies can look for certified RPOs in their area and reach out on their own terms.

We are authorized by the CMMC-AB as an RPO, and ready to guide your business along in the CMMC journey. Are you ready to learn more? Fill out this form and one of our cybersecurity experts will be happy to provide more information about CMMC compliance.

The Greentree Group is a CMMC Registered Provider Organization (RPO)

CMMC Registered Provider Organization

We are now a Cybersecurity Maturity Model Certification (CMMC) Registered Provider Organization (RPO) authorized by the CMMC-AB.

This new achievement solidifies our position as a leader in CMMC compliance solutions and services meant to protect government data in defense contractor systems. According to the National Accreditation Board, CMMC-AB is an independent accreditation body “responsible for establishing, managing, controlling, and administering the CMMC assessment, certification, training, and accreditation processes for the Department of Defense (DoD) supply chain.” Our new Registered Provider Organization (RPO) status reflects our commitment to the CMMC Accreditation Body (AB) code of professional conduct. It allows our company to provide advice, recommendations, and consultation to our customers as they seek their own CMMC-AB certifications.

Since 1993, The Greentree Group has been providing comprehensive professional services and technology solutions to small and medium-sized organizations, including:

  • Cybersecurity solutions
  • I.T. Support
  • Cloud Solutions
  • Technology Strategy

We offer a suite of comprehensive business technology services to include solutions which support Cybersecurity Maturity Model Certification (CMMC) compliance. Our team of cybersecurity experts assist defense contractors in becoming CMMC audit ready by implementing technical solutions and developing documentation and policies required by CMMC. In addition, we provide options for ongoing services to maintain compliance after certification.

CMMC SUPPORTS IT MODERNIZATION AND SUPPLY CHAIN SECURITY

CMMC is a new cybersecurity compliance standard that will be required for contractors to bid and win DoD contracts. The Defense Federal Acquisition Regulation interim rule took effect on November 30, 2020 and initial assessments are expected to begin in calendar year 2021.

CMMC-AB authorized RPOs provide advice, consulting, and recommendations to their clients. They are the implementers and consultants, but do not conduct Certified Assessments. They understand the CMMC Standard, and are qualified as:

  • Aware – Employs staff trained in basic CMMC methodology
  • Registered Practitioner Staffed – Offers CMMC trained consultative services
  • Targeted – CMMC assessment preparation
  • Trusted – Bound by a professional code of conduct

View our listing on the CMMC-AB Marketplace!

Ready to learn more? Our team of cybersecurity professionals would be happy to provide more details about the CMMC requirements, and what they mean for your business. Contact us today!