GENERAL QUESTIONS
Iviry was forged by a team of IT and cyber security professionals with deep concerns regarding our nation’s Defense Industrial Base’s (DIB) ability to defend itself from nefarious actors, both foreign and domestic.
We provide highly secure and compliant IT Services and Incident Response for government contractors and small businesses so they can focus on their core business.
Iviry primarily serves U.S. Defense Contractors, though we also support clients with a need for an enhanced security solution such as a law firm, local government, or home office.
CYBER SECURITY & COMPLIANCE RELATED QUESTIONS
- With our headquarters located in the Washington DC area, Crystal City specifically, we have the ability to leverage our strong network of Legislators, Policy Makers, and Administration Officials.
- Iviry is a Registered Practitioner Organization (RPO) and member of the Industry advisory board for CMMC implementation and National Archives
- Iviry has a Congressional Liaison that monitors legislation and regularly attends the Congressional Hearings
- Due to our leadership’s distinguished history of military service, as well as our being a provider of technology services to the DoD, US Marine Corps, DoJ, Homeland Security and a number of additional federal agencies and military branches, Iviry is well situated in terms of our understanding of the federal regulatory landscape
NIST is actually a government organization, specifically the National Institute of Standards & Technology, and their stated mission is “to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security.” This mission is manifested in the creation of guidelines and protocols around the use and management of technology, of which the NIST SP 800-171 standard is an example.
NIST SP 800-171 is a formal construct of standards related to ensuring “that sensitive federal information remains confidential when stored in nonfederal information systems and organizations.” While this seems to be a simple, straightforward definition, the reality is that, in practice, the 14 Families & 110 Controls that make up the NIST SP 800-171 construct are comprehensive, complex and pervasive in terms of their impact on how federal contractors will conduct their management of Controlled Unclassified Information (CUI) and the associated behaviors required.
The Cybersecurity Maturity Model Certification, or CMMC, is a codified cyber security and cyber hygiene framework established by the Department of Defense (DoD) and applicable to all 300,000 contractors in the Defense Industrial Base (DIB). The overriding intent of the effort is to secure all Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) that is possessed, stored or transmitted by defense contractors at any point during the acquisition and/or services delivery phase of their engagement with any element of the DoD. It is considered the foundational consideration for all DoD bids. With the release of CMMC Version 2.0 on December 26th, 2023, and the commencement of actual Defense Contract Management Agency’s (DCMA) audits expected by Q1 2025, defense contractors can expect a significantly heightened focus on cyber security when submitting responses to DoD issued RFP’s. In no uncertain terms, this mandatory standard will directly impact your ability to bid on, and ultimately win, federal contracts.
Essentially, to one degree or another, these regulations apply to any organization that intends to provide goods and/or services to the various elements of the Department of Defense. The core element is the existence, dissemination, handling and storage of controlled unclassified information, or CUI, and to a lesser extent Federal Contract Information, or FCI. John Sherman, the Chief Information Officer for the Department of Defense, and the central figure spearheading the implementation of the Cybersecurity Maturity Model Certification (CMMC) version 2.0, as well as other DoD officials, have indicated that the entire DIB supply chain, primes and sub-primes alike, can expect their cyber security capabilities to be tested with formal audits following the finalization of the rule-making process. This is expected by early 2025.
QUESTIONS ABOUT IVIRY’S SERVICES AND OFFERINGS
As a provider of technology and cyber security and compliance services for Department of Defense contractors primarily, Iviry has categorized our services as follows’
- Managed Support and Managed Security Services
- Classified IT Systems Management (Secret/Top Secret)
- Deployed IT Support
- Cloud Solutions & Custom Application Development
- CyberMentum™, a cyber readiness & compliance solution for DoD Contractors
- Cyber Readiness & Compliance Assessment
- Remediation & NIST Compliance Services
- Cyber Hygiene Sustainment
Iviry delivers a team-based, proactive and scalable Single Point of Contact construct for all technology management needs and utilizes the ITIL4 methodology. Our certified technicians and proprietary security * infrastructure solution stack combine to ensure that your technology infrastructure is protected and running efficiently at all times, allowing your organization to focus on what you do best. Deliverables include the monitoring and management of all technology endpoints, Helpdesk Support for technology related incidents from the basic resetting of a password to the most complex technology issues that an organization can experience. Iviry’s Strategic Services Suite also provides technology road-mapping, guidance and third party technology vendor management services
CyberMentum™ is Iviry’s flagship cyber security solution that ensures our clients meet the highest government security standards established for organizations handling Controlled Unclassified Information (CUI). These standards are established by the National Institute of Standards and Technology (NIST) and CyberMentum™ was designed to both ensure an organization’s compliance with current NIST SP 800-171 regulatory requirements and preparedness for CMMC standards. CyberMentum™ consists of Iviry’s proprietary Cyber Security Compliance Stack of tools and software applications, standards-based IT service protocols, and a highly experienced and certified workforce, and can be deployed for organizations with or without internal technology support teams.
Implementing the full CyberMentum™ suite will ensure achievement and sustainment of NIST SP 800-171 compliance and ensure that your organization is situated to pivot to the upcoming, not fully formed requirements associated with the CMMC framework. In no uncertain terms, an organization’s ability to become or remain a viable federal defense contractor hinges on whether it is NIST SP 800-171 compliant. And with only 1% of current defense contractors actually NIST SP 800-171 compliant, based on a Department of Defense review, its highly likely you’d benefit from a professional assessment of your current state.
Managed Technology Support Services are focused primarily on the basic blocking and tackling of technology management, such as email support, Help Desk Services, network and device monitoring and management, third party technology vendor management plus a whole host of additional possibilities based on an organization’s needs. Iviry takes to heart the concept of Single Point of Contact technology management, so if it has anything to do with technology we will be there for you.
CyberMentum™, on the other hand, is entirely focused on information/cyber security services and compliance. Compliance is a term that means different things to different people currently but we are heading towards a definitive end-game where expectations and requirements will be universal. CyberMentum™, in short, is a process that starts with assessing your current state of cyber readiness/compliance and ends with your organization being fully buttoned down from both an infosec and compliance perspective.
Can I keep my internal IT team for IT Managed Services and take advantage of CyberMentum™ by itself?
Designed specifically for organizations with internal IT teams that intend to pursue Department of Defense contract awards, Iviry’s Managed Security Services offering focuses on a gap analysis, remediation and ongoing sustainment requirements associated with the current NIST SP 800-171 federal mandates, and ensure preparedness for the yet-to-be codified requirements of the CMMC
framework.
Contact us