Enterprise Risk Management

Security as a 4th pillar of acquisition is a timely and crucial DoD (Department of Defense) initiative. The CMMC (Cybersecurity Maturity Model Certification) implementation is an imperative step towards Enterprise cyber defense goals, but it is only a partial answer since many agencies and enterprises still operate in silos and many business functions are disconnected. Our out-of-the-box CARE approach aligns with 4 out of the 5 pillars of the National Counterintelligence Strategy released in February 2020. 

The CARE module is based on an Enterprise's ability to baseline and prioritize critical programs, personnel, facilities, suppliers / vendors / subcontractors, and assets within the Fresh Haystack ecosystem in order to assess, manage, investigate, and mitigate Risk continuously.

Our approach identifies an Enterprise Risk baseline across multiple Risk Streams by prioritizing and evaluating them, documenting mitigations, scoring the baseline, and producing a Tailored Security Plan (TSP) that tracks all activities needed to reduce risk exposure. For example, for supply chain and cyber risk vectors specific to CMMC, it is possible not only to store and track the controls related to each CMMC level, process or practice, but also to capture mitigation dates/actions as well as artifacts proving completion of a particular control.