However, it is nearly impossible for defense contractors to cover every aspect of cybersecurity for total CMMC compliance. Particularly during the ongoing COVID-19 pandemic, ensuring security from a remote work location proves to be even more challenging. For this reason, defense contractors need a managed security services partner to ensure all-round cybersecurity and meet complex CMMC regulatory requirements. This is where CyberSheath comes into the picture to help defense contractors in the DIB comply with CMMC, DFARS 252.204-7012, and NIST 800-171. CyberSheath is a managed security services company that handles the technical, cybersecurity, and compliance aspects for defense contractors and protects their intellectual property. Founded in 2012 by Eric Noonan, a former United States Marine and chief information security officer for a global defense contractor, CyberSheath delivers measurable results that substantially reduce risk.
CyberSheath, as a trusted third-party managed service provider, simplifies compliance for its clients in three stages: assess, implement, manage (AIM™). After the initial assessment, CyberSheath understands the client’s compliance requirements and breaks down the reasons behind their non-compliance. From there, CyberSheath moves to implementation. “We follow a shared responsibility model. We own the gaps and fix them,” says Eric Noonan, CEO of CyberSheath. After ascertaining the gaps, CyberSheath ensures that the client achieves compliance through specific initiatives across people, processes, and technology. And once the client achieves compliance, CyberSheath ensures that they stay compliant for the long term, throughout the lifecycle of their relationship. The same AIM approach works wonders for the clients, even in the turbulent times of the COVID-19 pandemic, as CyberSheath ensures that the client’s employees can work remotely and securely.
The company has a diverse clientele across various industries. According to Noonan, while these industries require basic good cyber hygiene, they have unique and sometimes competing regulatory regimes. In these scenarios, CyberSheath focuses on securing its clients’ IT and cybersecurity environment to make compliance a natural outcome of operational security.
To further illustrate CyberSheath’s services, Noonan shares a success story where a client struggled to comply with CMMC’s predecessor, NIST 800-171. CyberSheath’s initial assessment revealed that the client had a 65 percent non-compliance score. As part of its remediation activities, CyberSheath deployed a multi-factor authentication system for different operating systems such as Windows, iOS, or Linux to ensure that the security configuration was in place. The second remediation activity was to enable mobile device management in a bring-your-own-device (BYOD) environment to protect the client’s sensitive information. Third, for monitoring and logging, CyberSheath established both security information and event management (SIEM) log sources and integrations to support security analysis and alignment with NIST 800-171. Additionally, CyberSheath started a log management and observation plan to illustrate the mature logging and monitoring capability. As a result, during a third-party DoD assessment, the client had a low cybersecurity risk rating and passed the audit with flying colors.
Moving ahead with undeterred momentum, CyberSheath is helping its DIB clients navigate through CMMC’s regulatory changes to protect their DoD or contract revenue from the government. “Amid the continually changing regulations, we help our clients achieve compliance quickly and cost-effectively while optimizing their operations,” concludes Noonan.