Latest news with #NISTSP800-171
Yahoo
29-05-2025
- Business
- Yahoo
OSC Edge Achieves Perfect Score on CMMC C3PAO Level 2 Assessment
Premier IT Solutions Provider Demonstrates Unwavering Commitment to Cybersecurity Excellence ATLANTA, May 29, 2025--(BUSINESS WIRE)--OSC Edge, a leading provider of engineered IT solutions for defense and federal agencies, proudly announces it has achieved a 100% score on its Cybersecurity Maturity Model Certification (CMMC) Level 2 assessment as a Candidate Third-Party Assessment Organization (C3PAO). This milestone underscores OSC Edge's dedication to delivering secure, mission-critical solutions for the Department of Defense (DoD) and federal clients. The flawless assessment validates OSC Edge's robust cybersecurity framework, built on secure-by-design systems engineering, NIST SP 800-171 and SP 800-53 governance, and advanced technical controls like endpoint protection, SIEM, and encrypted communications. This achievement positions OSC Edge as a trusted partner for DoD contractors navigating CMMC compliance. "This perfect score is a testament to our team's expertise and commitment to securing our nation's most critical missions," says Tiffany Bailey, CEO of OSC Edge. "We're proud to set the standard for cybersecurity excellence and support our clients with unparalleled solutions." "This achievement reflects years of disciplined processes and a culture of security-first innovation," adds Corey Ogletree, PMP, CISSP-ISSEP, ITIL, GCIH, Director of Information Technology and Cybersecurity at OSC Edge. "Our team's work ensures DoD partners can trust us to deliver compliant, resilient IT environments." The assessment success highlights the collaborative efforts of OSC Edge's cybersecurity team, including Peter Shoars, Kenyatta Jabbar, Neel Patel, and Jatin Gohil, alongside strategic guidance from Lee Hendrickson, Jim Spencer, Skeeter Lieberum, Jina Hardy and Romain Nowakowski. Their work ensures OSC Edge's processes are repeatable, auditable, and aligned with DoD's highest standards. As a mission-focused company, OSC Edge continues to drive innovation in cybersecurity, cloud, and infrastructure, supporting critical initiatives like the Air Force's Base Infrastructure Modernization (BIM) program. About OSC Edge OSC Edge is a wholly owned subsidiary of Cook Inlet Region, Inc. (CIRI), an Alaska Native Corporation proudly owned by over 9,400 Shareholders. CIRI is one of 12 land-based Alaska Native regional corporations created by the Alaska Native Claims Settlement Act (ANCSA) of 1971 and benefits Alaska Native people who had ties to the Cook Inlet region and beyond. Learn more at View source version on Contacts Rebekah TopazMarketing Manager214-662-9697rtopaz@ Sign in to access your portfolio
Business Wire
29-05-2025
- Business
- Business Wire
OSC Edge Achieves Perfect Score on CMMC C3PAO Level 2 Assessment
ATLANTA--(BUSINESS WIRE)--OSC Edge, a leading provider of engineered IT solutions for defense and federal agencies, proudly announces it has achieved a 100% score on its Cybersecurity Maturity Model Certification (CMMC) Level 2 assessment as a Candidate Third-Party Assessment Organization (C3PAO). This milestone underscores OSC Edge's dedication to delivering secure, mission-critical solutions for the Department of Defense (DoD) and federal clients. 'This perfect score is a testament to our team's expertise and commitment to securing our nation's most critical missions,' says Tiffany Bailey, CEO of OSC Edge. Share The flawless assessment validates OSC Edge's robust cybersecurity framework, built on secure-by-design systems engineering, NIST SP 800-171 and SP 800-53 governance, and advanced technical controls like endpoint protection, SIEM, and encrypted communications. This achievement positions OSC Edge as a trusted partner for DoD contractors navigating CMMC compliance. 'This perfect score is a testament to our team's expertise and commitment to securing our nation's most critical missions,' says Tiffany Bailey, CEO of OSC Edge. 'We're proud to set the standard for cybersecurity excellence and support our clients with unparalleled solutions.' 'This achievement reflects years of disciplined processes and a culture of security-first innovation,' adds Corey Ogletree, PMP, CISSP-ISSEP, ITIL, GCIH, Director of Information Technology and Cybersecurity at OSC Edge. 'Our team's work ensures DoD partners can trust us to deliver compliant, resilient IT environments.' The assessment success highlights the collaborative efforts of OSC Edge's cybersecurity team, including Peter Shoars, Kenyatta Jabbar, Neel Patel, and Jatin Gohil, alongside strategic guidance from Lee Hendrickson, Jim Spencer, Skeeter Lieberum, Jina Hardy and Romain Nowakowski. Their work ensures OSC Edge's processes are repeatable, auditable, and aligned with DoD's highest standards. As a mission-focused company, OSC Edge continues to drive innovation in cybersecurity, cloud, and infrastructure, supporting critical initiatives like the Air Force's Base Infrastructure Modernization (BIM) program. About OSC Edge OSC Edge is a wholly owned subsidiary of Cook Inlet Region, Inc. (CIRI), an Alaska Native Corporation proudly owned by over 9,400 Shareholders. CIRI is one of 12 land-based Alaska Native regional corporations created by the Alaska Native Claims Settlement Act (ANCSA) of 1971 and benefits Alaska Native people who had ties to the Cook Inlet region and beyond. Learn more at
Yahoo
25-03-2025
- Business
- Yahoo
Mass. defense contractor Morse Corp. agrees to settle cybersecurity fraud case for $4.6 million
Cambridge-based defense contractor Morse Corp. has agreed to pay $4.6 million to resolve allegations that it failed to comply with cybersecurity requirements in its contracts with the U.S. Army and U.S. Air Force. The settlement resolves allegations that Morse Corp. submitted fraudulent claims for payment on contracts with the Army and Air Force, and that those claims were fraudulent because Morse knew it had not complied with those contracts' cybersecurity requirements, the U.S. Attorney said. 'Federal contractors must fulfill their obligations to protect sensitive government information from cyber threats,' U.S. Attorney Leah Foley said in a statement on Tuesday. 'We will continue to hold contractors to their commitments to follow cybersecurity standards to ensure that federal agencies and taxpayers get what they paid for, and make sure that contractors who follow the rules are not at a competitive disadvantage,' Foley said. As part of the settlement, Morse admitted and accepted responsibility for the following, Foley said: From January 2018 to September 2022, Morse used a third-party company to host the company's emails without requiring and ensuring that the third party met security requirements equivalent to the Federal Risk and Authorization Management Program Moderate baseline and complied with the Department of Defense's requirements for cyber incident reporting, malicious software, media preservation and protection, access to additional information and equipment necessary for forensic analysis and cyber incident damage assessment; The contracts required that Morse implement all cybersecurity controls in National Institute of Standards and Technology Special Publication (SP) 800-171, but from January 2018 to February 2023, Morse had not fully implemented all those controls, including controls that, if not implemented, could lead to significant exploitation of the network or exfiltration of controlled defense information and controls that could have a specific and confined effect on the security of the network and its data; From January 2018 to January 2021, despite the contracts' system security plan requirement, Morse did not have a consolidated written plan for each of its covered information systems describing system boundaries, system environments of operation, how security requirements are implemented and the relationships with or connections to other systems; In January 2021, Morse submitted to the Department of Defense a score of 104 for its implementation of the NIST SP 800-171 security controls. That score was near the top of the possible score range from -203 to 110. In July 2022, a third-party cybersecurity consultant notified Morse that its score was actually -142. Morse did not update its score in the Department of Defense reporting system until June 2023 — three months after the United States served Morse with a subpoena concerning its cybersecurity practices. 'We are pleased with today's settlement, which further demonstrates the resolve of the Department of the Army Criminal Investigation Division and our law enforcement partners to protect and defend the assets of the United States Army and Department of Defense,' Special Agent in Charge Keith Kelly, Department of the Army Criminal Investigation Division Fraud Field Office, said in a statement. 'We're committed to protecting the warfighter and maintaining the Army's operational readiness while holding those who engage in such acts accountable,' Kelly said. 'Failure to implement cybersecurity requirements can have devastating consequences, leaving sensitive DoD data vulnerable to cyber threats and malicious actors,' Special Agent in Charge William Richards of the Air Force Office of Special Investigations said in a statement. Richards said his office 'alongside our investigative partners and the Department of Justice, will continue to combat fraud affecting the Department of the Air Force and hold those accountable that fail to properly safeguard sensitive defense information.' 'Protecting the integrity of Department of Defense procurement activities is a top priority for the DoD Office of Inspector General's Defense Criminal Investigative Service,' said Special Agent in Charge Patrick Hegarty, DCIS Northeast Field Office. 'Failing to comply with DoD contract specifications and cybersecurity requirements puts DoD information and programs at risk,' Hegarty said. 'We will continue to work with our law enforcement partners and the Department of Justice to investigate allegations of false claims on DoD contracts.' The settlement resolves a lawsuit filed under the whistleblower provisions of the False Claims Act, which permit private parties to sue on behalf of the government when they believe that a defendant has submitted false claims for government funds and receive a share of any recovery. The settlement in this case provides for the whistleblower to receive an $851,000 share of the settlement amount, Foley said. This is a developing story. Check back for updates as more information becomes available. Download the FREE Boston 25 News app for breaking news alerts. Follow Boston 25 News on Facebook and Twitter. | Watch Boston 25 News NOW
Yahoo
06-03-2025
- Business
- Yahoo
Alpine Power Systems Achieves NIST SP 800-171 & ITAR Compliance
DETROIT, March 6, 2025 /PRNewswire/ -- Alpine Power Systems is pleased to announce that its corporate headquarters has successfully achieved compliance with the National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171) and the International Traffic in Arms Regulations (ITAR). This milestone underscores the company's dedication to cybersecurity, data protection, physical facility security and regulatory compliance across critical industries. NIST SP 800-171 outlines security measures to safeguard sensitive government-related data from cyber threats, ensuring businesses maintain strict data protection protocols. ITAR regulates the handling of physical facility security, requiring companies to secure sensitive information from unauthorized access. By meeting these standards, Alpine Power Systems enhances its ability to serve government and defense-related clients while reinforcing its commitment to high-level security practices. Beyond government and defense industries, this compliance benefits all customers by strengthening data security, reducing risks, and ensuring the highest levels of reliability. Businesses across various sectors can trust Alpine Power Systems to maintain rigorous cybersecurity physical security measures. "Our compliance with NIST SP 800-171 and ITAR reflects our unwavering commitment to data security and regulatory excellence," said Sal Warmann, IT Director at Alpine Power Systems. "In a time of evolving cybersecurity threats, this achievement strengthens our ability to protect critical information and maintain customer trust." Wyatt Doyle, Vice President of Technology, added, "By adhering to these standards, Alpine Power Systems continues to implement proactive measures that enhance our cybersecurity framework and position us as a trusted partner for industries requiring the highest levels of facility and data protection." This compliance reinforces Alpine Power Systems' role as a leader in power solutions, material handling and mission-critical infrastructure. It reflects the company's commitment to exceeding expectations in security, reliability, and industry best practices. About Alpine Power Systems Alpine Power Systems, established in 1963, is an independent B2B global solution provider specializing in critical power, telecom, cable, and motive power solutions. Alpine has expanded its operations to become one of the largest independent organizations in their industry. Alpine is a dynamic and growing family business supplying numerous Fortune 1000 Companies. Alpine Power Systems is ISO 9001 Quality, 14001 Environmental, and 45001 Health & Safety Certified. Related Links Homepage: About Us: View original content to download multimedia: SOURCE Alpine Power Systems Sign in to access your portfolio
Technical.ly
17-02-2025
- Business
- Technical.ly
Hoping to score a federal contract during the Trump years? Prepare your security plans now
This is a guest post by Will Sweeney, managing partner at data privacy and cyber risk consulting firm Zaviant. With a new administration now in office, cybersecurity is likely to take center stage as overall national security efforts become increasingly prioritized. As a result, we will continue to see stricter cyber policies from the US government, some of which will have a direct impact on federal contractors. For example, the Pentagon recently posted the final rule for the Cybersecurity Maturity Model Certification 2.0, solidifying their plans to implement new cybersecurity standards for contractors later this year. To avoid business disruptions, it's essential that companies align their cybersecurity programs with evolving standards. Here's how your businesses can strengthen their privacy and security protocols to stay secure and hopefully land more deals with the government in 2025 and beyond. Document how you follow current protocols Any contractor working with the US government should create and maintain a comprehensive system security plan (SSP). It's not just best practice — it's a requirement under frameworks like NIST SP 800-171 and the Federal Acquisition Regulation clauses. This document outlines how your company protects sensitive government data, covering all aspects of system design, data handling and security controls. It demonstrates your company's commitment to data security if legislators crack down. Preparing this plan takes a few key steps like defining the scope of the SSP, gathering existing documentation, conducting a gap analysis, closing any gaps, drafting the SSP and reviewing and validating it. Furthermore, all prime contractors and their subcontractors will need a Cybersecurity Maturity Model Certification (CMMC) if they do business with the Department of Defense (DOD). Having an SSP will be helpful here because CMMC requires your business to have an SSP to satisfy the requirements for systems where Controlled Unclassified Information (CUI) is stored or shared. Check your current protocols against government best practices Ahead of enhanced cybersecurity protocols, all government contractors should take a serious look at their current program. This is best done through a gap analysis, an assessment that compares your existing security controls against industry standards. For example, companies can anticipate that they'll need to comply with frameworks like NIST 800-171, which is widely adopted by US government contractors to ensure that CUI is properly protected. The framework provides a set of 14 families of security requirements, covering everything from access control to incident response. By assessing your company's compliance with these standards, you can identify any gaps or deficiencies in your security posture ahead of any upcoming changes. Find out your SPRS score Once you have a solid grasp of your security program's current state, it's time to focus on your Supplier Performance Risk System (SPRS) score. The SPRS score is a measure of your compliance with the Defense Federal Acquisition Regulation Supplement clause 252.204-7012, which requires defense contractors to report their compliance with NIST 800-171. Contractors are required to input their compliance status into SPRS, and the resulting score is used by government agencies to assess the risk level of contracting with your company. A higher SPRS score indicates a strong cybersecurity posture, which is likely to become increasingly important moving forward. If you don't have an acceptable score, you may not be able to do business with the government until you improve it by fixing the gaps it points out. Outline a plan to fix any gaps and comply with future regulations When conducting a gap analysis, you're likely to uncover areas where your security program falls short of government requirements. This happens, but it's important to address these gaps by creating a Plan of Action and Milestones (POA&M) document, which serves as a roadmap for outlining the steps, responsible parties and timelines for achieving compliance. The document should prioritize actions based on risk levels and ensure that milestones are met to demonstrate progress. The POA&M is particularly important for contractors working with the DOD because it shows what gaps are in place and gives specific timelines on when those gaps will be closed. Follow through on your plans to improve Once your POA&M is in place, it's time to work toward improving your security maturity and increasing your SPRS score. This involves addressing the gaps identified during the assessment and executing the corrective actions in your POA&M. Improving your security maturity may involve regularly reviewing and refining your security policies and procedures in response to new regulations, implementing automation where possible to streamline compliance activities, training staff on cybersecurity best practices and engaging third-party auditors to assess the effectiveness of your program. Make sure your other vendors are in compliance, too Government contractors are responsible not only for their own data security but also that of third-party vendors they engage to support their business. Flowing down government requirements is crucial to ensure that your entire ecosystem of contractors and subcontractors meets the necessary standards to protect sensitive data. To accomplish this, companies should clearly communicate security expectations to third-party vendors, ensure that they are compliant with NIST 800-171 and other relevant frameworks, and include compliance requirements in contracts.
