Posted on May 10, 2023
MNS Group is pleased to announce that it has received The Cyber AB’s accreditation to certify government contractors and commercial companies with CMMC compliance, strengthening its ability to deliver comprehensive CMMC services.
Overseen by the Department of Defense (DoD) and Cyber AB, the CMMC Accreditation Body, MNS Group successfully passed the CMMC Level 2 assessment administered by the Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), meeting all CMMC Third-Party Assessment Organization (C3PAO) requirements.
Developed by the DoD, The Cybersecurity Maturity Model Certification (CMMC) program is designed to enforce the protection of sensitive unclassified information that is shared by the DoD with its contractors and subcontractors in the Defense Industrial Base (DIB). CMMC will require third-party evaluation to determine whether a contractor is fit to do business with the DoD and participate in the DIB. The Cyber AB established two non-governmental roles: the Registered Provider Organization (RPO) and the C3PAO. MNS Group has been an RPO since November 2020, assisting clients in their preparation to obtain their CMMC.
“With over 20 years of cybersecurity, technology, and business process experience, our team has been assisting members of the DIB to harden their cybersecurity posture and achieve CMMC compliance, and in doing so, strengthen our national security. Certifying as a third-party assessment organization was a natural next step. We look forward to our expanded role validating organizations seeking CMMC certification,” said Tobias Musser, CEO at MNS Group. “It is an honor to meet with DIB businesses and be allowed the opportunity to observe that they have met the tasks needed to secure the sensitive data entrusted to them, so they can get out there and win contracts.”
MNS Group is proud to be one of only forty CMMC C3PAOs accredited to April 29, 2023. It has CMMC Certified Assessors and Professionals on staff, as well as Registered Practitioners.
Read More »
Posted on Dec 12, 2022
The International Organization for Standardization does not derive its abbreviated name, ISO, from an acronym alone. Instead, ISO comes from the ancient Greek word ísos, which means equal or equivalent.
And that’s the underlying idea. The goal of the ISO is to provide common standards among countries. A consumer or client can be assured that a product or service that meets ISO certification is safe and of high quality.
A quality management system (QMS) helps your company meet and maintain ISO standards. There’s even an ISO standard for QMS—ISO 9001—which is the most used QMS in the world.
ISO has developed more than twenty-four thousand international standards, and companies in all fields use them. These standards deal with IT and data security, environmental management, health and safety, and many other activities and products. One of the better-known standards, ISO 27001, deals with information security management.
After the standard is achieved, the QMS lives on and evolves to reflect your company’s changes. To achieve the benefits of and maintain the ISO certification, a commitment to “continual improvement” is required. A specific requirement of ISO 9001:2015 is “continual improvement” – this refers not only to a company’s products and services, but also to the QMS. The standard states: “The organization shall continually improve the suitability, adequacy and effectiveness of the Quality Management System. The organization shall consider the results of analysis and evaluation, and the outputs from management review, to determine if there are needs or opportunities that shall be addressed as part of continual improvement.”
At the end of the year, the company must submit a new assessment. Many companies hire a quality manager or assign an employee to assume the duties of quality management, but it can be difficult to evaluate your company objectively from within. Many companies do not have the budget or need a full-time dedicated employee. That’s why it pays to outsource your QMS after ISO 9001 certification to hands-on consultants who works with you throughout the year and can act on your behalf with the auditing body.
Read More »
Posted on Dec 12, 2022
When did the Sunday Scaries, the anxious dread that precedes the beginning of the work week begin for you? The calendar is full, the to-do list is over-populated, and leaders fill multiple roles leading to burnout and negativity. It is no wonder that the modern professional is not excited to jump out of bed on Monday. A single hire could change this for your organization.
With such heavy workloads, energy toward creativity and out-of-the-box thinking is nil. Business leaders need energy that allows traction toward working ON the business, and not just IN it – spinning plates and wearing so many hats. A technology consultant may be the answer to “smarten” your tech to work for you, so you can work on the business you (used) to love.
What Is Technology Consulting?
These days, a Technology Consultant does much more than manage printers, assist with helpdesk repairs, or install networks; after all, technology is woven into every aspect of business. A consultant serves as a sounding board from whom you can ask questions, who will learn about your business, your goals, and how you implement technology. A good Technology Consultant is NOT an IT consultant; they look at a much broader picture, identifying efficiencies in processes, assessing risk, controlling costs, and advising on compliance and liability. Delegating these roles to experts will help you get back to the work you enjoy and may even help profitability.
A study by IBM and the Ponemon Institute found that the use of emerging technologies reduces costs. For example, the adoption of artificial intelligence, security analytics, and encryption saved companies up to $1.49 million compared to those who did not use these tools.
Read More »
Posted on Jan 28, 2022
MNS Group, the trusted source for managed services, cybersecurity, and compliance services for government contractors, has announced today the achievement of both ISO 27001:2013 and ISO 9001:2015certifications. “We are proud of this achievement: it confirms that MNS Group maintains the highest standards for security information management and quality, and has been audited against the most rigid security and quality standards in the industry,” said Margaret Jacks, COO at MNS Group. ISO 27001:2013 is internationally recognized as the most stringent standard for information security management. Established by the International Organization for Standardization (ISO), 27001 is a comprehensive security management standard that specifies a set of best practices and controls. ISO 9001:2015 sets the criteria for quality management systems and is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach, and continual improvement. These certifications follow security best practices MNS Group previously adopted including SSAE 18 SOC2 controls. The newly-achieved ISO certifications further cement MNS Group’s ongoing commitment to the security, confidentiality, and high availability of its services. “These certifications provide an additional assurance to our valued clients when evaluating the quality, breadth, and strength of our security and business practices,” said Tobias Musser, CEO of MNS Group. “We consider the trust of our customers to be a critical success factor for the company. Adhering to the industry-leading security standard and quality management best practices makes us a better company in addition to building the confidence of our customers.” MNS Group’s certifications demonstrate that Information and Information Security requirements are aligned with MNS Group’s goals and strategic...
Read More »
Posted on Jan 13, 2022
If you don’t have appropriate security systems in place, just a single employee can unwittingly undermine your best efforts in cybersecurity.
A comprehensive security system is vital to derail a potential attack vector, the path of a cyberattack. Good security control starts with understanding data security versus system security and how both help address security threats.
What Is Data Security?
Cybersecurity involves data protection, such as data privacy, integrity, and access control, according to the International Organization for Standardization (ISO).
Examples of Data Security
The international standard for information security, ISO 27001, lists fourteen domains to consider in the protection of sensitive information, such as financial data, intellectual property, or employee details. Some examples of data security include the following:
- Two-factor authentication
- Strong passwords
- Data encryption
- Biometric verification, such as fingerprint authentication
Core Elements of Data Security
You can think about data protection using the CIA triad. The letter C stands for confidentiality, meaning only authorized people can access sensitive data. The I stands for integrity, data consistency and accuracy. The A, for availability, refers to how easily authorized parties can access confidential data.
What Is System Security?
A system security plan includes network security with an eye toward cloud computing.
Common Types of System Security
A common device of system security is a firewall, which monitors network access and should thwart a potential network attack.
On a more complex level, public key encryption encodes two distinct digital keys that work together to prevent unauthorized access to information. Network users must have both keys to access information.
Read More »
