The Ever-Expanding Cyber Threat:
The number of cyber-attacks has significantly increased over the past year. The growth of connectivity, the COVID-19 pandemic, and increased remote work have contributed exponentially to the rise in cyber threats and attacks.
Ransom attacks, phishing schemes, spyware, malware, and criminal enterprises are becoming more sophisticated every year, searching for network vulnerabilities and infiltrating systems by adapting (and automating) the technologies we utilize to increase our business performance: machine learning, artificial intelligence, analytics, and email communication.
The Colonial Pipeline, WannaCry, and SolarWinds attacks should have been more than a wake-up call for Government Contractors; that now is the time to make cybersecurity and compliance a major priority.
Secure your Deltek Costpoint Data with the latest Cloud Offering:
Last year Deltek announced, that they can now support your organization in meeting the latest cybersecurity and compliance requirements with their new Costpoint GovCon Cloud (GCC) Moderate solution. GCC introduced enhanced cybersecurity controls for Costpoint, to help government contractors protect their data and meet strict federal compliance requirements. (CMMC, CDI, iTAR, FedRAMP, and more.)
In an effort to support the industry’s increasing cybersecurity and compliance demands, Costpoint GCC Moderate allows government contractors to safely store Covered Defense Information (CDI) and ITAR data in the Deltek Costpoint Cloud. This enhancement eliminates the need and the cost for on-premises equipment and support. Deltek has implemented new controls to align with NIST standards, including 800-53 and CSNI 1253 – in addition to, FedRAMP Moderate equivalent controls, which go beyond the existing NIST 800-171 controls to support Controlled Unclassified Information (CUI) within the Costpoint cloud.
“By leveraging Costpoint GCC Moderate, contractors can migrate to Deltek's cloud environment with increased confidence and peace of mind knowing they can meet the growing demands of government agencies."Todd Walker, VP of Product Strategy at Deltek.
The DoD, Cybersecurity, Compliance, and Competition:
The Department of Defense (DoD) has certainly been talking about the phased rollout of the Cybersecurity Maturity Model Certification (CMMC) for a while now. Unfortunately, all the talk has produced very little clarity on the subject – until recently. In September 2020, the DoD published an interim rule and tried to address some of the outstanding questions. Below is a high-level overview only, designed to help contractors and subcontractors understand the general requirements.
The Growing Demands:
Effective Nov. 30, 2020, the DoD implemented a standard DoD-wide methodology for assessing DoD contractor compliance with security requirements in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. It rolled out a DoD certification process, known as the CMMC. CMMC is designed to measure a company’s maturity and institutionalization of cybersecurity practices and processes. Solicitations and contracts will begin incorporating new clauses that will require contractors to adhere to CMMC compliance requirements.
Effective Oct. 1, 2025, all DoD contractors and subcontractors will need to be CMMC compliant. By then, Fiscal Year 2026, all DoD solicitations and contracts will be required to incorporate at least the minimal compliance requirements outlined below.
CMMC requirements are divided into two buckets: 1) assessment of compliance with the NIST SO 800-171, and 2) certification under CMMC. These are akin to 1) what contractors must do now, and 2) what contractors will have to do later — but soon.
You can read all the requirements here: Cybersecurity Maturity Model Certification (CMMC): The New Requirements – Taft Law
How We Can Help – Support & Migration Services:
As the technology and security needs of the market change, it is important that government contractors and project-based businesses remain agile to respond to the constant evolution of standards, threats, and compliance requirements. We understand that it can be challenging and costly to keep pace with shifting demands. Costpoint GCC Moderate is an important investment and can be added to your ground-to-cloud conversion.
Having a partner that understands the government contracting market and the unique needs of the companies that work within it is vital to ensuring your Costpoint cloud conversion is successful. By leveraging our Costpoint GCC Moderate conversion services, contractors can migrate to a cloud environment with the increased confidence and peace of mind knowing that their conversion will meet today's requirements and tomorrow’s compliance and security standards.
The Bottom Line:
Schedule a meeting today with our ground to cloud support team. Let us find the best way to help you move to the cloud, protect your data, and remain compliant whilst embracing the latest Costpoint cloud offerings.