CMMC 2.0 – What, How, and Why Act Now?
Stuart Itkin, Vice President, CMMC & FedRAMP Assurance, Coalfire Federal
With the recent streamlining of the Cybersecurity Maturity Model Certification (CMMC) framework, the path to assure Defense Industrial Base (DIB) cybersecurity has changed dramatically from what was originally planned. There’s a lot to learn about CMMC 2.0, but the objective remains the same: protect sensitive defense information from theft by our adversaries. The plan to achieve that objective now recognizes the challenges of fielding a small army of third-party assessors over a compressed timeframe, as well as the business impact and cost on small and medium-sized DIB organizations.
The Biggest Update You’ll Barely See
Kyle Pippin, Senior Director, Product Management
It’s been more than 10 years since ThreadFix had its first lines of code written by its creator, Dan Cornell, as a means of solving a very pervasive issue in the application security space. While it quickly became a popular talking point at conferences and app sec parties (they exist!), it was never expected that a decade later our product would be the centerpiece to Fortune 100 organizations’ SDLC processes across a variety of verticals from healthcare to financial services, and from telecommunication giants to the top global banking institutions. The “little-code-project-that-could” practically found itself by accident solving some of the most significant custom application security challenges faced by the largest of organizations.