Latest news with #CUI
Associated Press
2 days ago
- Business
- Associated Press
By Light Achieves CMMC-Level 2 Certification
- By Light Achieves CMMC Level 2 Certification, Strengthening Commitment to Cybersecurity for DoD and Federal Customers - MCLEAN, Va., July 16, 2025 (SEND2PRESS NEWSWIRE) — By Light Professional IT Services LLC (By Light) is proud to announce that it has been officially appraised at Cybersecurity Maturity Model Certification (CMMC) Level 2, demonstrating the company's deep commitment to safeguarding Controlled Unclassified Information (CUI) and meeting the cybersecurity requirements of the U.S. Department of Defense (DoD). CMMC Level 2 represents a critical milestone for defense contractors, requiring the implementation of 110 security practices aligned with the National Institute of Standards and Technology (NIST) SP 800-171. By Light's successful appraisal underscores its operational readiness and adherence to stringent security standards across its internal systems, processes, and partner networks. This certification further positions By Light as a trusted provider of secure digital transformation services for the federal government, including cyber operations, DevSecOps, and Zero Trust implementations. The CMMC Level 2 appraisal was conducted by a CMMC Third Party Assessor Organization (C3PAO) and is valid for three years. By Light continues to invest in comprehensive cybersecurity governance across its classified and unclassified offerings and remains committed to continuous improvement as CMMC evolves in future phases. About By Light: By Light Professional IT Services LLC is an ISO 9001, 20000-1, and 27001 registered and CMMI-Dev Level 3 rated systems engineering company that provides secure turnkey systems by incorporating exceptional engineering, project management, telecommunications, and cyber capabilities to safeguard mission success. Founded by industry professionals with extensive knowledge in DoD, DISA, and other U.S. Government agencies, By Light successfully implements technical solutions that integrate commercial best practices to meet the needs of the government. For more information, visit LOGO link for media: NEWS SOURCE: By Light Professional IT Services Keywords: Cyber Security and Infosec, By Light Professional IT Services LLC, DoD and Federal Customers, Cybersecurity Maturity Model Certification CMMC, Military, Defense, Government, Armed Forces, MCLEAN, Va. This press release was issued on behalf of the news source (By Light Professional IT Services) who is solely responsibile for its accuracy, by Send2Press® Newswire. Information is believed accurate but not guaranteed. Story ID: S2P127758 APNF0325A To view the original version, visit: © 2025 Send2Press® Newswire, a press release distribution service, Calif., USA. RIGHTS GRANTED FOR REPRODUCTION IN WHOLE OR IN PART BY ANY LEGITIMATE MEDIA OUTLET - SUCH AS NEWSPAPER, BROADCAST OR TRADE PERIODICAL. MAY NOT BE USED ON ANY NON-MEDIA WEBSITE PROMOTING PR OR MARKETING SERVICES OR CONTENT DEVELOPMENT. Disclaimer: This press release content was not created by nor issued by the Associated Press (AP). Content below is unrelated to this news story.
Business Wire
2 days ago
- Business
- Business Wire
Kimmell Cybersecurity Achieves CMMC Level 2 Certification for MSP and MSSP Services, Strengthening Cybersecurity for DoD Contractors
AKRON, Ohio--(BUSINESS WIRE)--Kimmell Cybersecurity, a CMMC Certified Third-Party Assessment Organization (C3PAO), is proud to announce it has successfully achieved CMMC Level 2 certification for its Managed Service Provider (MSP) and Managed Security Service Provider (MSSP) offerings. This accomplishment makes Kimmell Cybersecurity one of the few C3PAOs to both assess and provide services at CMMC Level 2—providing a fully compliant service environment for contractors in the Defense Industrial Base (DIB). Kimmell Cybersecurity - MSP / MSSP meets DOD's stringent CMMC security requirements achieving CMMC Level 2 certification. This certification is especially significant for Department of Defense (DoD) contractors handling Controlled Unclassified Information (CUI), as it ensures Kimmell Cybersecurity's managed services meet the same rigorous standards required of their clients under the NIST SP 800-171 Rev 2 framework. 'For DoD contractors navigating the complexities of CMMC compliance, this certification proves that our team practices exactly what we assess,' said Brett Kimmell, Managing Member at Kimmell Cybersecurity. 'We understand contractor's unique challenges and offer managed services that are not only compliant but tested to the highest federal standards.' The independent third-party assessment verified that Kimmell Cybersecurity has implemented and maintains all security practices required for CMMC Level 2 certification—strengthening the company's position as a trusted cybersecurity partner for contractors building the future of U.S. defense. With this milestone, DoD contractors and subcontractors can rely on Kimmell Cybersecurity for expert CMMC assessments, consulting, and Level 2-certified managed services that directly support compliance readiness. To learn more email cmmc@ or contact Erik Bennett 330-762-5143 or ebennett@ About Kimmell Cybersecurity Kimmell Cybersecurity is a leading CMMC C3PAO, delivering certified cybersecurity assessments, advisory, and fully managed services tailored to DoD manufacturers and contractors. With deep experience in defense compliance, Kimmell helps organizations secure their systems, safeguard CUI, and achieve CMMC certification with confidence.
Yahoo
7 days ago
- Business
- Yahoo
Why CMMC is Essential for DoD Contractors: Cybersecurity Compliance Insights Released by Info-Tech Research Group
With increasing cyber threats targeting the defense supply chain, Cybersecurity Maturity Model Certification (CMMC) compliance is now a critical factor for contract eligibility. Info-Tech Research Group's blueprint equips contractors and subcontractors with practical strategies to meet evolving cybersecurity standards and safeguard sensitive information. TORONTO, July 11, 2025 /PRNewswire/ - A growing wave of cyberthreats targeting defense contractors has underscored the need for a consistent and enforceable framework to safeguard Controlled Unclassified Information (CUI) and strengthen the resilience of the defense supply chain. Global research and advisory firm, Info-Tech Research Group, has published insights and guidance on the situation in a new resource, Achieve CMMC Compliance Effectively. While the CMMC aims to provide exactly that, many contractors continue to face significant roadblocks in achieving compliance. Legacy systems, limited internal expertise, evolving requirements, and high implementation costs are just some of the challenges slowing down progress. The firm's research-based resource offers a focused and practical approach to compliance to help contractors navigate these issues by equipping defense organizations with the tools needed to meet certification requirements and maintain eligibility for Department of Defense (DoD) contracts. Info-Tech's blueprint makes it clear that CMMC applies to all prime and subcontractors working with the DoD. The framework is critical for protecting both Federal Contract Information (FCI) and CUI, which are often shared across multiple tiers of suppliers and service providers. However, a significant number of organizations continue to face challenges meeting these requirements, often due to system integration and data flow issues, which are further complicated by confusion around evolving compliance expectations. "Not providing the required level of assessment or certification to the DoD puts organizations at risk of losing eligibility to bid on or be awarded defense contracts," says Safayat Moahamad, research director at Info-Tech Research Group. "More importantly, organizations that proactively invest in cybersecurity resilience gain a competitive advantage by strengthening their ability to bid on DoD contracts and demonstrating trustworthiness in handling sensitive defense data." Info-Tech's insights published in the resource highlight that Organizations Seeking Certification (OSCs), and Organizations Seeking Assessment (OSAs), must choose their target compliance level and implement the corresponding controls. The certification level required for specific contracts will be stated in each DoD solicitation. This means contractors must be proactive and align their security practices with anticipated contract demands. Understanding the CMMC Levels To support this effort, Info-Tech's Achieve CMMC Compliance Effectively blueprint outlines four key CMMC levels, each designed to match the type and sensitivity of data a contractor handles: Level 1: Foundational (Self-Assessed) - For contractors handling Federal Contract Information (FCI). Requires full implementation of 15 basic security controls and annual self-affirmation. Conditional status is not permitted at this level. Level 2: Advanced (Self-Assessed) - Designed for contractors handling Controlled Unclassified Information (CUI). Level 2 requires the implementation of 110 controls from NIST SP 800-171. Organizations must score at least 80% and close any remediation items within 180 days, and complete annual affirmation and reassessment every three years. Level 2: Advanced (Third-Party Assessed) - Similar to the self-assessed Level 2, but compliance is verified by an accredited third-party assessor (C3PAO). This level is required for some contracts, depending on Department of Defense (DoD) solicitation terms. Level 3: Expert (Government Assessed) - Level 3 is for organizations supporting critical defense programs. It requires a Level 2 C3PAO certification. In addition, 24 controls from NIST SP 800-172 must be assessed by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). "By addressing the challenges of CMMC compliance early and with purpose, organizations can move beyond simply checking boxes," explains Moahamad. "In a competitive defense landscape, effective compliance is not just a requirement; it is a key differentiator." For exclusive and timely commentary from Safayat Moahamad, an expert in privacy, legal, and compliance fields, and access to the complete Achieve CMMC Compliance Effectively blueprint, please contact pr@ About Info-Tech Research GroupInfo-Tech Research Group is one of the world's leading research and advisory firms, serving over 30,000 IT and HR professionals. The company produces unbiased, highly relevant research and provides advisory services to help leaders make strategic, timely, and well-informed decisions. For nearly 30 years, Info-Tech has partnered closely with teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations. To learn more about Info-Tech's divisions, visit McLean & Company for HR research and advisory services and SoftwareReviews for software buying insights. Media professionals can register for unrestricted access to research across IT, HR, and software and hundreds of industry analysts through the firm's Media Insiders program. To gain access, contact pr@ For information about Info-Tech Research Group or to access the latest research, visit and connect via LinkedIn and X. View original content to download multimedia: SOURCE Info-Tech Research Group
Yahoo
10-07-2025
- Business
- Yahoo
CDA and Vanta Tackle CMMC Compliance in High-Speed Webinar
What defense contractors need to know now — and why waiting could cost you government contracts. TAMPA, Fla., July 10, 2025--(BUSINESS WIRE)--As the Department of Defense cranks up enforcement of the Cybersecurity Maturity Model Certification (CMMC) framework, government contractors across the country are racing to meet new compliance demands. The problem? The rules are complicated, the deadlines are approaching fast, and the consequences of missteps are serious — including loss of contract eligibility. Enter Cyber Defense Advisors (CDA) and Vanta, who are teaming up to offer a fast, practical, and surprisingly fun solution: a free, 30-minute webinar titled "Navigating CMMC Compliance: Your Roadmap to Success", happening Wednesday, July 16, 2025 at 1:00 PM ET. Register here: This isn't your typical compliance talk. It's a fast, no-fluff session with real CMMC experts sharing exactly what's happening, what's urgent, and what to do now to stay DoD-eligible. So, who's this for? Anyone managing cybersecurity, contracts, or compliance for a DoD contractor — prime or sub — should attend, especially if you handle CUI, FCI, or want to stay competitive in the GovCon space. What you'll learn: What the CMMC timeline really looks like (spoiler: it's already started) What you need for Level 1 and Level 2 certification How new DFARS rules could make or break your contract eligibility Common compliance mistakes — and how to avoid them Immediate actions to protect your DoD pipeline Plus, the session wraps with a 15-minute live Q&A, so bring your questions. Behind the Mic Francis Schmuff, CEO of CDA – Former DoD strategist with 20+ years helping contractors build audit-ready programs. Bryan Siegel, Director of Compliance, CDA – Helped shape the original CMMC model and knows what really matters. Morgan Kaplan, Director of Government Strategy & Affairs at Vanta – Expert in simplifying compliance without slowing your team down. Why it matters CMMC is now mandatory — and enforcement is underway. Miss it, and you risk losing DoD contracts. Find out what to prioritize now. Can't join? Register anyway to get the recording and bonus resources. Event Details: Date: Wed, July 16, 2025 Time: 1:00 PM ET Duration: 30-min webinar + 15-min live Q&A Registration: Cyber Defense Advisors (CDA) CDA helps defense contractors meet CMMC, NIST 800-171, and FedRAMP requirements with practical, results-driven strategies. Vanta Vanta automates security and compliance across CMMC, SOC 2, ISO 27001, and more — so businesses can scale securely and stay audit-ready. View source version on Contacts Press: mhale@
Business Wire
10-07-2025
- Business
- Business Wire
CDA and Vanta Tackle CMMC Compliance in High-Speed Webinar
TAMPA, Fla.--(BUSINESS WIRE)--As the Department of Defense cranks up enforcement of the Cybersecurity Maturity Model Certification (CMMC) framework, government contractors across the country are racing to meet new compliance demands. The problem? The rules are complicated, the deadlines are approaching fast, and the consequences of missteps are serious — including loss of contract eligibility. CMMC compliance is no longer optional — it's mandatory for DoD contracts. This 30-minute webinar will show you exactly how to stay eligible and avoid costly missteps. Share Enter Cyber Defense Advisors (CDA) and Vanta, who are teaming up to offer a fast, practical, and surprisingly fun solution: a free, 30-minute webinar titled 'Navigating CMMC Compliance: Your Roadmap to Success', happening Wednesday, July 16, 2025 at 1:00 PM ET. Register here: This isn't your typical compliance talk. It's a fast, no-fluff session with real CMMC experts sharing exactly what's happening, what's urgent, and what to do now to stay DoD-eligible. So, who's this for? Anyone managing cybersecurity, contracts, or compliance for a DoD contractor — prime or sub — should attend, especially if you handle CUI, FCI, or want to stay competitive in the GovCon space. What you'll learn: What the CMMC timeline really looks like (spoiler: it's already started) What you need for Level 1 and Level 2 certification How new DFARS rules could make or break your contract eligibility Common compliance mistakes — and how to avoid them Immediate actions to protect your DoD pipeline Plus, the session wraps with a 15-minute live Q&A, so bring your questions. Behind the Mic Francis Schmuff, CEO of CDA – Former DoD strategist with 20+ years helping contractors build audit-ready programs. Bryan Siegel, Director of Compliance, CDA – Helped shape the original CMMC model and knows what really matters. Morgan Kaplan, Director of Government Strategy & Affairs at Vanta – Expert in simplifying compliance without slowing your team down. Why it matters CMMC is now mandatory — and enforcement is underway. Miss it, and you risk losing DoD contracts. Find out what to prioritize now. Can't join? Register anyway to get the recording and bonus resources. Event Details: Cyber Defense Advisors (CDA) CDA helps defense contractors meet CMMC, NIST 800-171, and FedRAMP requirements with practical, results-driven strategies. Vanta Vanta automates security and compliance across CMMC, SOC 2, ISO 27001, and more — so businesses can scale securely and stay audit-ready.
