What is Cybersecurity?

Ah yes the ‘joys’ of using a laptop or PC that runs Windows software. At one company I worked at, we had an entire testing line that started rejecting product immediately after a Windows update occurred. It was horrible. We couldn’t fix it and so we had to regress the testers back to the previous version and protect them from automatic pushes from Microsoft because we had to have them on our internal network for data collection, etc. It took supreme effort to keep IT from updating the computers or reconnecting them to the enterprise wide network. Eventually after several years MS eliminated the code that was troublesome and we could revert to ‘normal’ operation. The internal ego fights over this were epic…

Hacks and data corruption and self-imposed programming ‘failures’ take many forms and have numerous consequences.

Hi everybody thank you for your responses. We are looking into getting help from an outsource to handle cybersecurity because our IT won't handle it. And i will just forward them all cybersecurity related paperwork to whoever we hire . See attach questions i get and now i will just forward everything to the new hired.

See i was just worry because i was getting all this emails from customers asking about cybersecurity. But now i already talked to my boss and someone else is going to take care of all this.

Quick question--we are looking at Cybersecurity in anticipation of future defense work, so we are in the midst of working to be in compliance with NIST 800-17 per DFARS 252.204-7012, and CMMC 2.0. Do we need to restructure our QMS documents to align with any specific guidelines?

Keal19 said:

Quick question--we are looking at Cybersecurity in anticipation of future defense work, so we are in the midst of working to be in compliance with NIST 800-17 per DFARS 252.204-7012, and CMMC 2.0. Do we need to restructure our QMS documents to align with any specific guidelines?

Click to expand...

Welcome to the cove!
Our IT Manager wrote some procedures that I added to our controlled documents, and I had to make a few minor revisions to our DPD procedure. Otherwise, business as usual.

Cari Spears said:

Welcome to the cove!
Our IT Manager wrote some procedures that I added to our controlled documents, and I had to make a few minor revisions to our DPD procedure. Otherwise, business as usual.

Click to expand...

Thank you!

We were nervous that we would have to re-categorize everything. Our IS department has us helping with process and helping to write policies/procedures. This makes me feel better.

Keal19 said:

Quick question--we are looking at Cybersecurity in anticipation of future defense work, so we are in the midst of working to be in compliance with NIST 800-17 per DFARS 252.204-7012, and CMMC 2.0. Do we need to restructure our QMS documents to align with any specific guidelines?

Click to expand...

Waking an old thread.

I am just about to guide our organization through the process. I got some good info off of some threads here at the Cove. No surprise there!

We will be going through the CMMC 2.0 checklist and seeing what we have in place (a Gap Assessment) to see what we have in place the meets the requirements of DFARS 252.204-7012 and NIST 800-17. If I understand correctly, we will then be better suited to pick a model.

The plan is to integrate the requirements into the current management system and associated documented information. Revise the Quality Manual, our procedures for Control of Documented Info, and create an Info Security Procedure. Integrated audits, integrated management review, and integrated objectives.

Conduct the first round of internal audits. Have a special management review, if required.

Engage the services of a registrar (what is it, an O3CRS? Sorry, my notes at the office) and schedule audits.

Any words of wisdom at this juncture would be appreciated.