Dovestech

Subscribe to DovesTips

icon

DovesTip 01 – CMMC Vulnerability & Patch Management Strategies NIST 800-171

The pending inclusion of the Cyber Maturity Model Certification in the DFARS and the existing DFARS 7012 are centered on protecting controlled unclassified information (CUI).  Industrial control equipped environments such as manufacturers, building developers and managers or grid suppliers for example 

Have more than just IT networks to contend with.  Vulnerabilities in operational technology (OT) are on the increase and while the majority of attack vectors leverage weaknesses in IT systems and mis configuration of network devices and software are still the easiest ways for threat actors to succeed in compromising a businesses systems and operations.  The Defense Contract Management Agency (DCMA) high confidence DFARS 7012 audit requires a review of asset data, vulnerability scans just to name a few elements that an assessor will ask for.

The  CMMC and DFARS 7012 both have a requirement for configuration and vulnerability management. Below are some quick tips that should help: 

An asset inventory across all assets in the ICS/OT environment – If you do not have one, a network sensor can scan your network, produce a network map, finger print assets and scan for vulnerabilities. 

Converged sensors combine the ability to scan IT, IoT and OT assets on a network.  

Our experience at Dovestech is that small and medium sized businesses rarely have the time and or resources needed to conduct a necessary function, frequent reviews of vulnerability scans and asset maps to check for changes and to develop a plan of attack to patch vulnerabilities or to detect unauthorized configuration changes to the network.  OT networks cannot always be patched.  Compensating mitigation strategies can serve as an alternative and risk reduction strategy. 

Need help in getting ready for CMMC or DFARS 7012?  Dovestech stands ready to help.  Engineers with IT and OT certifications but more importantly experience!  Dovestech can provide IT and OT cyber  tools, cost effective cloud based SEIM,  compliance platform and services. 

Keeping it real, there are no 100% cyber risk elimination solutions and compliance with CMMC and DFARS 7012 requires that you make an investment in time and yes some money to achieve success.  

Experience matters and Dovestech has been supporting DFARS 7012 and CMMC readiness in support of small and medium sized businesses across the US.  Our team can support your compliance and cyber security requirements completely remotely. 

Ready to talk?  Email:  info@dovestech.com