Secureframe

Congratulations ONCREO Ltd for achieving this milestone! We're grateful to partner with companies like you that prioritize data security and privacy for their customers 🤩

⛓️ Supply chain cyber attacks are on the rise and increasingly damaging. This year, major brands like Jaguar Land Rover, Asahi, M&S, and National Defense Corporation suffered supply chain attacks that halted production, disrupted logistics, triggered layoffs, and exposed defense information that could put military operations at risk. As we head into 2026, one thing is clear: attackers aren’t just targeting data. They’re now targeting the infrastructure that keeps global supply chains running. Deep dive into key supply chain attacks, how they work, and what you can do to protect your organization: https://lnkd.in/eUzE9w8F

In just the past two years, regulators have issued billions in penalties, with 2025 breaking multiple enforcement records: 🥇 HHS has already broken the record for HIPAA violation settlements in a single year 📈 GDPR fines exceeded €5 billion mark for first time 💰 CCPA just issued its largest penalty ever 💼 DOJ announced 7 False Claims Act settlements related to cybersecurity non-compliance Get our full analysis of the biggest fines and enforcement trends to expect: https://lnkd.in/e_ZVWXYn

CyberSheath's latest report shows DIB organizations are still struggling to get CMMC ready: 💥 Fewer than 50% have completed their SSP, POA&M, or all required NIST 800-171 controls. 💥The average SPRS score is 60, which is 50 points short of the required score. 💥69% rate compliance difficulty at 7–10. To help address these challenges, Marc R. is teaming up with certified CMMC assessors from Prescient Security to host a live webinar this Thursday where they'll walk through key steps in the readiness process and explain how to avoid common mistakes along the way. Let's simplify CMMC together—register here: https://lnkd.in/dU3JTanW

Phase 1 of CMMC enforcement starts today, but the DIB is nowhere near ready. 😨 Only 1% of organizations reported full readiness for a CMMC assessment in an October CyberSheath report. 👀 Just 0.5% of the ~80,000 expected Level 2 organizations are certified, according to The Cyber AB's latest town hall. With widespread noncompliance persisting and assessment capacity tightening, automation is the only scalable way the DIB can close the readiness gap fast enough. In the meantime, sensitive information and mission readiness across the defense supply chain remain at risk. Learn more about today’s enforcement milestone, why readiness is still so low, and how organizations can meet contractual requirements fast: https://lnkd.in/eKZF6kPf

Lessons Learned from a CMMC Level 2 Assessment CMMC enforcement begins November 10 — and organizations across the Defense Industrial Base will soon start seeing Level 2 requirements in their contracts. Are you ready? Join Secureframe and Redspin, one of the first and most experienced authorized C3PAOs, on December 4 at 12:00 PM ET for an exclusive look inside a real CMMC Level 2 assessment process. Hear directly from: Robert Teague, VP of Federal Consulting & CMMC Lead Assessor, Redspin Rob Gutierrez, Senior Cybersecurity & Compliance Manager, Secureframe Get actionable insights into: ✅ The phases of a CMMC Level 2 assessment — from scoping to final report ✅ Top 5 preparation tips to streamline your assessment ✅ What assessors look for (and what slows things down) ✅ How to build a successful C3PAO partnership ✅ Real-world lessons from Secureframe’s own certification journey Don’t miss this behind-the-scenes session that will help you prepare for success under CMMC 2.0. 👉 Register now: https://hubs.li/Q03PFLg20

Friday FAQ 🤔 From CS5 East to Zero Gravity Summit, it’s been a packed four weeks for CMMC events. Did you make it to any? Poll options below ⬇️

CMMC enforcement begins Monday, bringing a new level of scrutiny for every organization handling CUI and confirming that the DoD expects contractors to be fully aligned with the latest cybersecurity requirements. You may be wondering: if enforcement is almost here, why does CMMC Level 2 still align with NIST SP 800-171 Revision 2 instead of the newer Rev. 3? The DoD addressed this directly in its September update to the official FAQs (Revision 2): ✅ Will CMMC move to NIST 800-171 Rev. 3? Yes. The Department confirmed that Rev. 3 will be incorporated through future rulemaking. Until that happens, assessments will remain against Rev. 2, supported by a DFARS 252.204-7012 class deviation. ✅ Can contractors implement Rev. 3 voluntarily? Yes. Organizations may adopt Rev. 3 now—as long as they use the DoD’s defined ODPs, originally published in the April memo. With enforcement starting Monday, contractors that are proactively preparing for CMMC Level 2 certification can begin alignment with Rev. 3 now to get ahead of the curve. In an op-ed with Cyberdefense Magazine, our founder and CEO Shrav Mehta breaks down what the DoD's April memo means, how to use ODPs correctly, and how early alignment to R3 can give you a competitive edge. Read it here 👉 https://lnkd.in/e7kBrxcm

60% of organizations experienced at least one vendor-related incident in the past 12 months—and the cost of third-party data breaches increased by almost $400K this year. As one of the fastest-growing threats, managing vendor risk has never been more important. Learn how to build a vendor management policy that actually protects your business and meets requirements for SOC 2, ISO 27001, and other frameworks: https://hubs.li/Q03RV_cZ0

⚠️ Starting Monday, Nov 10, the DoD will begin phasing CMMC certification requirements into new contracts—making readiness more urgent than ever. Next week, we're also holding Part 3 of the CMMC webinar series. Join Marc R. and certified assessors Sammy Chowdhury and Matthew Graham from Prescient Security for firsthand insights into the CMMC assessment process from both sides of the table. Learn: 👀 What assessors look for 🛑 Where organizations frequently get stuck ⚡ How to prepare for an L2 assessment fast Save your spot: https://lnkd.in/dU3JTanW