Why FedRAMP Authorization and CMMC Level 2 Are Now Table Stakes for GovCon AI
#HackerNews #FedRAMP #CMMC #GovCon #AI #Compliance #Cybersecurity
Copilot & Teams intelligence creates productivity but does not automatically ensure CMMC. In practice, compliance depends on architecture, trust boundaries, and process. Rahsi Defense Security Mesh™ makes it possible to clearly define CUI/FCI zones, contain the Copilot browser, manage cross-tenant trust, and provide "định quad" evidence. #CMMC #M365 #Copilot #Teams #ZeroTrust #AI #CyberSecurity
📰 It's Official: DoD Begins Phased Rollout of CMMC Cybersecurity Program
The clock is ticking for defense contractors! ⏰ The DoD's CMMC program officially began its phased rollout on Nov 10. Cybersecurity compliance is now becoming mandatory for all DIB contracts. #CMMC #DoD #Cybersecurity #Compliance
GRC – what it is, and where it came from.
Playing the Old Guy card is dangerous for me, because people may assume incorrectly that I have a “been there, done that” attitude. And you just can’t have a “been there, done that” attitude in technology, because things change so fast. Each problem must be treated as a new problem, and solved – again – today, in light of today’s technology.
However.
I’m going to play the Old Guy card today, talking about GRC. Are you ready?
GRC is a buzzword.
However cool you may think Governance, Risk, and Compliance is, the name/acronym is a newcomer on an old field. The Open Compliance and Ethics Group (OCEG) formally defined the term GRC in 2007. (Source: the Internet. Google it. You can find it at the OCEG website, Wikipedia, and on and on).
My friend, we were doing things like change management, risk management, and legal compliance way back in the last century.
The first time (several years ago) a prospect asked me, “Do you have any experience with GRC?” I asked them, “What’s GRC? I haven’t heard that acronym.” Of course, they assumed I was ignorant, and hired someone else.
Hey. We had a whole compliance group in our legal department at Cellular One when I was Director of National System Development in 2000. We had things like product evaluation, change management, and coordination of objectives between Sales and Engineering when I was Director of Technical Services at one of America’s largest paging companies in the 1990s.
If you think GRC means finding controls to satisfy a framework, or meeting NIST standards, or achieving CMMC compliance, your thinking is too small.
GRC existed before the acronym was created.
GRC exists outside of cybersecurity.
Cybersecurity is just one part, a new addition, to the scope of a company’s unified governance, risk management, and legal compliance initiatives.
See things in perspective. Look for the bigger picture.