By Aaron G.
Every day a new attack is successful. You hear it on the news all the time. A system is breached, a server is highjacked, or a business becomes crippled by ransomware. Now more than ever, organizations both private and public NEED to be aware of IT Security best practices and methods to prevent attacks. ActioNet supports many customers who process sensitive data, some of which are critical to mission success and integrity.
Not long ago, the Department of Defense issued a new requirement to achieve a minimum baseline of security requirements in order for contractors to be eligible to compete on and support contracts. This requirement has evolved significantly in the past two years, but the core is largely based on compliance with NIST 800-171 security controls. The Cybersecurity Maturity Model Certification (CMMC) has assembled these controls (with a few others) to generate a comprehensive framework for which organizations can be audited against. This year, proposals from the Department of Defense will begin requiring CMMC compliance, and it is expected that many other Government Agencies will follow suit in short time.
Working side by side with several IT Security Professionals, many of whom have previously worked within the Government sector, ActioNet began by digesting CMMC requirements into an easy to navigate matrix. We went through a rigorous deep dive and interpreted each control one-by-one to identify weaknesses and areas for improvement and we left no stone unturned, scrutinizing and discussing fully each control until our interpretation was unanimous.
Wasting no time, ActioNet began implementing Security upgrades across the organization. Technological improvements such as Multifactor Authentication, Encryption, Event Log Aggregation, and Vulnerability Scanning became priorities. Following that, process/policy improvements in key areas such as Event/Incident Management, Security Awareness Training, and brand-new regulations for managing sensitive data were all designed and redesigned to enhance security and meet CMMC requirements.
Another critical area of achieving compliance and improving Security is in Modernization. Maintaining aging IT Infrastructure represents a significant liability as attackers can take advantage of any neglected or outdated system to infiltrate the rest of the organization. Our imperative is to eliminate as many attack vectors as possible by migrating all our services to modern cloud hosted solutions. ActioNet is on track to be 100% cloud native in 2023, a significant milestone representing the hard work and collaboration from multiple teams across the organization.
Our selection process for service providers has become critical to our success. We naturally hold each of them to the same security standards found within CMMC, but more so, we ensure they have previously performed work in the government sector. As a result, many of the providers we work with are already FedRAMP compliant. The IT Team at ActioNet has always been at the forefront of technology and we work hand-in-hand with our solution teams to share lessons learned, success stories, and product evaluations. We inevitably discover many potential solutions for our customers’ unique and varying needs within the services we use internally. We share best practices, lessons learned and proven implementation plans with our customers with the experience to back it up!
Continual improvement is at our core, and we thrive best when the work is challenging and knowing what is at stakes for all of customers and the critical missions we are privileged to support. After years of hard work, dedication, and customer focus, ActioNet is now ready for the future in an age of IT Security, and our efforts have prepared us to lead and stand out as a trusted partner. We must prioritize IT Security in everything we do as this has become a de-facto requirement for customer success. ActioNet is on track to achieve CMMC certification in compliance with the forthcoming Department of Defense contracts that require this, and when our customers’ have critical initiatives, we do what we do best; we roll up our sleeves and get to work!