Compliance resources


The Basics of NIST SP 800-171
The Basics of CMMC
Compliance Today: The Latest CMMC Timeline

White papers & advisory articles

Planning Your Journey to Cyber Maturity

We cover some questions to consider as you prepare your organization to meet compliance requirements and mature your cybersecurity program.

On-demand webinars

Five Steps to Building an Effective CMMC Strategy

The Department of Defense has announced that they are eyeing March 2023 for the release of CMMC 2.0, and the DoD would begin implementing CMMC in contracts as early as May 2023. Depending on where you are in your compliance journey, this leaves less than a year to establish and document policies and procedures, purchase the necessary software, configure your networks, and prepare for CMMC assessments. It’s time to get to work. Watch this webinar replay to learn how you can build an effective strategy for getting and staying CMMC-compliant that meets your unique business needs and is both on time and on budget.

Making Cents of CMMC 2.0: Budgeting for Cybersecurity Compliance

Getting started with NIST 800-171 or CMMC is critical for defense contractors both as they seek to do business with the Defense Department and to strengthen their own networks at a time when the number of cyber-attacks continues to rise. For small and mid-sized businesses, knowing the right things to do and funding everything can be a huge hurdle that only gets harder as standards evolve and the window to be compliant closes. Watch this webinar replay as we help you understand compliance budgeting with a deeper understanding of requirements, tips, tools, and leveraging an RPO.

Understanding the DFARS Rule Change and the DIBCAC Assessment Process

With the new DFARS interim rule, defense contractors are facing increased scrutiny of their organizations’ cybersecurity programs and a larger obligation to demonstrate that they are compliant with the 110 controls defined in NIST SP 800-171. The new rule includes provisions to follow a prescribed DoD Assessment Methodology in self-assessing your cyber program’s compliance and also to potentially submit to a more detailed analysis by the Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC).

Executive Understanding of Cybersecurity

Ardalyst’s President, Michael Speca, joins the Ardalyst Webinar Series to deliver an introduction on cybersecurity for business executives. Watch as Michael takes you through some common misconceptions, dives into what to look for in your cyber program, and provides answers to attendees’ burning questions.

Working with Microsoft to Bring CMMC/NIST 800-171 Compliance to the Defense Industrial Base

Microsoft’s Richard Wakeman joins the Ardalyst Webinar Series with Josh O’Sullivan to discuss the different tools available to help defense contractors meet CMMC/NIST 800-171 compliance.

More Webinars
CMMC 2.0 Masterclass: Where We Go From Here
Implications of Defending IT and OT for DoD and Defense Industrial Base from CMMC to JADC2
Securing Your Remote Workforce: Must-Haves to Do It Right (Part 1)
Securing Your Remote Workforce: Must-Haves to Do It Right (Part 2)
Exploring the Cybersecurity Executive Order's Impact on the Threat Landscape


Securely Working From Home

On this episode of Cyber Report, sponsored by Northrop Grumman, Michael Speca, the president of Ardalyst, and Josh O’Sullivan, a Navy veteran who’s the company’s chief technology officer, discuss how to ensure security while working from home during the coronavirus crisis with Defense & Aerospace Editor Vago Muradian.

Cybersecurity for Small Business

When you hear the term “cybersecurity” you immediately think of large companies and governments. But if you own, or are involved with, a small business or organization you need to consider it as well. Ardalyst president Michael Speca and CTO Josh O’Sullivan join Eye on Annapolis host John Frenaye for a conversation about what small businesses need to know.

Small Business and CMMC

Michael Speca is the president and Josh O’Sullivan is the chief technology officer at Ardalyst. They joined host John Gilroy on this week’s Federal Tech Talk to talk about CMMC and small business. During the interview, Speca talked about the strengths and weaknesses of CMMC on the Microsoft platform. They argue that smaller organizations can leverage the millions of dollars that Microsoft puts into cybersecurity each year.