CMMC Level 2 & DLA RD004/RD005
What Defense Contractors Must Know Now The Department of Defense (DoD) and the Defense Logistics Agency (DLA) have entered a new enforcement phase. Updated CMMC Level 2 requirements and DLA clauses RD004 and RD005 now determine whether contractors are eligible to compete for and retain…
DoD Clarifies CMMC Applicability for Paper only CUI: What Contractors Need to Know
Earlier this month, the U.S. Department of Defense updated its Cybersecurity Maturity Model Certification (CMMC) Frequently Asked Questions (FAQ) to clarify the applicability of CMMC assessments when an organization handles Controlled Unclassified Information (CUI) in paper/hardcopy form only. This paper examines the substance of that clarification, its…
Updated 2025 Cost Framework for CMMC Level 2 Compliance: Integrating DoD, Industry, and Practitioner Data
This paper builds upon prior Atlantic Digital (ADI) research examining the financial and operational realities of achieving Cybersecurity Maturity Model Certification (CMMC) Level 2 compliance across the Defense Industrial Base (DIB). ADI’s 2024 “Feasibility of SMBs in the DIB” analysis (ADI, 2024a), explored the economic…
Transitioning from Manual Compliance to GRC for Strategic Advantage
This paper explains when transitioning from spreadsheets to an integrated Governance-Risk-Compliance (GRC) platform becomes cost-effective, and how Atlantic Digital, through its partnership with IntelliGRC, delivers real-time visibility, automated evidence tracking, standardized workflows, and sustained CMMC readiness. From Manual Strain to Strategic Enablement For defense contractors…
Risks and Remedies in CMMC Self-Attestation: Managing SPRS Scoring and Legal Exposure
In September 2025, the Department of Defense finalized DFARS updates implementing the Cybersecurity Maturity Model Certification (CMMC) program into the Federal Acquisition Regulation Supplement. Effective November 10, 2025, the rule makes both self- and third-party cybersecurity assessments contractually enforceable for defense contractors (Federal Register, 2025)….
The SA-24 Update: Critical Implications for Defense Industrial Base Compliance
The recent update to NIST SP 800-53 (Release 5.2.0) on August 27, 2025, introduced a significant new security control, SA-24 “Design for Cyber Resiliency,” that warrants immediate attention from Defense Industrial Base (DiB) organizations (NIST 2025). Rationale for SA-24 Introduction The inclusion of SA-24 in…
DOM-based Extension Clickjacking: The Silent Threat to Your Password Manager
In the world of cybersecurity, sometimes the most dangerous threats are the ones hiding in plain sight, or rather, the ones hiding behind what you can’t see. Introduction Password managers have become the digital equivalent of Fort Knox for many of us (trusted guardians of…
Navigating the Latest DoD Memo on CMMC Certification Requirements with Atlantic Digital
Introduction The Department of Defense (DoD) continually updates its cybersecurity protocols to safeguard sensitive information within the Defense Industrial Base (DIB). The latest memorandum, “Implementing the Cybersecurity Maturity Model Certification (CMMC) Program” (DoD), introduces significant changes to the Cybersecurity Maturity Model Certification (CMMC) requirements, directly…
The Limits and Realities of Cyber Insurance
Cyber attacks now cost organizations $4.88 millions per breach on average (IBM). This stark reality underscores the importance of cyber insurance as a critical tool for financial and operational risk mitigation. However, the complexities and limitations inherent in these policies create significant challenges for businesses. To navigate…
Cyber Insurance in 2024—Key Requirements and Industry Insights
Businesses are losing an average of $4.88 million per breach from cyber attacks in 2024, and these figures continue to increase (IBM). The rising threats have turned cyber insurance from a nice-to-have into a must-have business tool. The cyber insurance market moves faster than ever….
Categories
- Compliance (26)
- Cyber Insurance (2)
- Cybersecurity (26)
- Government (17)
- Uncategorized (4)
- vCISO services (18)