Back To Business I.T. to Participate in First-Ever Identity Management Day

Identity Management Day, founded by the Identity Defined Security Alliance, aims to educate and engage business leaders and I.T. decision makers on the intersection of identity management and security.

Beavercreek, OH — Back To Business I.T. today announced that it will participate in the first ever ‘Identity Management Day,’ an annual awareness event that will take place on the second Tuesday in April each year. The inaugural Identity Management Day will be held on April 13, 2021.

Founded by the Identity Defined Security Alliance (IDSA), the mission of Identity Management Day is to educate business leaders and IT decision makers on the importance of identity management and key components including governance, identity-centric security best practices, processes, and technology, with a special focus on the dangers of not properly securing identities and access credentials.

In addition, the National Cyber Security Alliance (NCSA) will provide guidance for consumers, to ensure that their online identities are protected through security awareness, best practices, and readily-available technologies.

To support this exciting initiative as a champion, Back To Business I.T. will be sharing information about ways to safeguard your identity online as well as resources available to individuals and organizations.

“Raising awareness around identity management is especially critical after a barrage of identity-based breaches made headlines in the past year, including Twitter, Marriott, and Nintendo. In fact, research by the IDSA reveals that 79% of organizations have experienced an identity-related security breach in the last two years, and 99% believe their identity-related breaches were preventable,” said Julie Smith, Executive Director of the IDSA.

Smith continued, “Compounding this, the ongoing pandemic has accelerated digital transformation initiatives that support changes in how we work and how we live day-to-day, putting organizations at greater risk. Our hope is that Identity Management Day will result in higher prioritization of identity security and, as a result, fewer data breaches in 2021 and beyond. We are grateful for all of the support from IDSA and NCSA member companies and the broader industry to further this mission.”

“Identity-related cybercrimes are nothing new, but the methods that hostile actors are using have changed tremendously,” said Tyler Greenwood, Vice President of Back To Business I.T. “Phishing and identity spoofing are tactics that cybercriminals are using to get people to give up information that’s then used to compromise systems. It’s happening everywhere and unfortunately many people and businesses aren’t taking proper precautions and are paying the price.”

“Identity management isn’t just about passwords anymore”, Tyler added, “It’s about people. Making sure users are trained to recognize maleficence is potentially the most critical factor keeping their identity and credentials safe.”

Back To Business I.T. offers customizable managed services designed to improve your business operations. Whether you have straightforward technology requirements or complex technical needs, Back To Business I.T. offers a full suite of managed services and solutions that can bring value to your operations and solve your technology challenges. One of our most popular services – Security Awareness Training – offers custom-built company-specific campaigns to train employees on cybersecurity risks. We craft and deploy simulated phishing campaigns to test employee awareness and provide resources to strengthen their understanding and increase cyber resiliency.

About the Identity Defined Security Alliance

The IDSA is a group of identity and security vendors, solution providers, and practitioners that acts as an independent source of thought leadership, expertise, and practical guidance on identity centric approaches to security for technology professionals. The IDSA is a nonprofit that facilitates community collaboration to help organizations reduce risk by providing education, best practices, and resources.

To learn more about and get involved in Identity Management Day 2021, please visit www.identitymanagementday.org and check out #IDMgmtDay on Twitter and LinkedIn.

Follow the IDSA

Join the Community: https://forum.idsalliance.org/

Twitter: www.twitter.com/idsalliance

LinkedIn: www.linkedin.com/company/identity-defined-security-alliance/

Blog: https://www.idsalliance.org/blog/

Follow Back To Business I.T.

Facebook: https://www.facebook.com/BacktoBusinessIT/

Twitter: https://twitter.com/Back2BusinessIT

Instagram: https://www.instagram.com/backtobusinessit/

LinkedIn: https://www.linkedin.com/company/back-to-business-it

YouTube: https://www.youtube.com/user/BacktoBusinessIT

What is a CMMC RPO?

Throughout 2020, the U.S. Department of Defense released details surrounding the Cybersecurity Maturity Model Certification (CMMC) requirements for companies in the defense industrial base (DIB). These new consolidated cybersecurity requirements are driving suppliers and contractors to dedicate time, money, and other resources to strengthen their cybersecurity strategy to meet compliance. Depending on the company’s existing cybersecurity posture, some will have much more work to do than others, and they will all need professional guidance.

It’s no surprise that the market has been recently flooded with consulting firms claiming to be experts in CMMC compliance requirements. Keep in mind that not all third-party consultancies are created equal. As a small business, we understand how important it is to properly vet vendors, and make sure you’re getting the most out of every dollar you assign to projects like these.

The CMMC Accreditation Body (CMMC-AB) has introduced five certifications and authorizations to differentiate entities offering CMMC compliance services. These are:

Certified Third-Party Assessor Organizations (C3PAO)
Registered Provider Organizations (RPO)
Registered Practitioners (RP)
Certified Professionals (CP)
Certified Assessors (CA)

We’re happy to provide some details regarding the RPO authorization, and what is involved.

RPOs like The Greentree Group are authorized by the CMMC AB to provide consulting services to government contractors and other companies in preparation for their CMMC assessments. We can also assist during these assessments if there is a finding that will prevent you from attaining your desired CMMC maturity level. However, we do not conduct certification assessments, and we do not grant certified status. Only C3PAOs are equipped to conduct these certification assessments. As an RPO, we are here to provide CMMC guidance and support to companies impacted by these new regulations. It’s important to remember that C3PAOs cannot provide guidance unless they’re also certified as an RPO – and even then, they cannot offer the same services (assessment + guidance) to the same company.

WHAT GOES INTO BECOMING AN RPO

A company must do the following to become certified as a CMMC RPO:

Be an entity owned by a “US person”.
Be registered with the CMMC-AB in order to receive authorization to use the official logo distributed by the CMMC-AB.
Sign an RPO agreement, reflecting a commitment to comply with the CMMC-AB Code of Professional Conduct.
Clear an organizational background check.
Have at least one Registered Practitioner (RP) on their team. An RP is specially trained and authorized by the CMMC-AB to deliver “non-certified advisory services informed by basic training on the CMMC standard” at all times.
Pay an annual registration fee.

These requirements put in place by the CMMC-AB are helpful for companies seeking certification because they provide a measure of legitimacy. As with any new regulations or rules, there will be many companies claiming to be experts in the field, and competing for your business. By selecting a company that has attained its RPO authorization, businesses can be confident that their choice is well suited for the job and committed to CMMC standards.

CHOOSING THE RIGHT CMMC RPO FOR YOUR COMPANY

RPO authorization is an important consideration when choosing a provider- but there are other things you should keep in mind. Other important questions you may want to ask –

How much experience does the RPO have in cybersecurity and maintaining compliance in highly regulated spaces?
- The Greentree Group has supported both DoD programs and DIB clients with obtaining and maintaining required cybersecurity compliance for over a decade

Do they have experience with other frameworks such as CIS CSC, NIST SP 800-53, NIST SP 800-171, and ISO 27001?
- Greentree has cybersecurity experts for the cybersecurity framework you require

How knowledgeable are they about the defense contracting environment?
- Greentree’s cybersecurity team has a combined 50+ years of defense contracting experience

How many years have they been in business? Are they well-established?
- The Greentree Group has been in business for 26 years with an established reputation for excellence in customer support

How easy is it for the provider to scale efforts appropriate to your business?
- We support clients of all different sizes and architectures, as your business grows our support for your cybersecurity needs can grow with you

Note: Back To Business I.T. is a service brand of The Greentree Group.

WHY IS THE RPO AUTHORIZATION IMPORTANT FOR YOUR BUSINESS?

The new CMMC-AB authorization process for RPOs is an effective way for companies to sift through the increasing chatter in the CMMC consultancy space. The RPO certification signals that a consulting firm is invested in the CMMC space, and has committed to cybersecurity best practices. By visiting the CMMC marketplace, companies can look for certified RPOs in their area and reach out on their own terms.

We are authorized by the CMMC-AB as an RPO, and ready to guide your business along in the CMMC journey. Are you ready to learn more? Fill out this form and one of our cybersecurity experts will be happy to provide more information about CMMC compliance.

The Greentree Group is a CMMC Registered Provider Organization (RPO)

We are now a Cybersecurity Maturity Model Certification (CMMC) Registered Provider Organization (RPO) authorized by the CMMC-AB.

This new achievement solidifies our position as a leader in CMMC compliance solutions and services meant to protect government data in defense contractor systems. According to the National Accreditation Board, CMMC-AB is an independent accreditation body “responsible for establishing, managing, controlling, and administering the CMMC assessment, certification, training, and accreditation processes for the Department of Defense (DoD) supply chain.” Our new Registered Provider Organization (RPO) status reflects our commitment to the CMMC Accreditation Body (AB) code of professional conduct. It allows our company to provide advice, recommendations, and consultation to our customers as they seek their own CMMC-AB certifications.

Since 1993, The Greentree Group has been providing comprehensive professional services and technology solutions to small and medium-sized organizations, including:

Cybersecurity solutions
I.T. Support
Cloud Solutions
Technology Strategy

We offer a suite of comprehensive business technology services to include solutions which support Cybersecurity Maturity Model Certification (CMMC) compliance. Our team of cybersecurity experts assist defense contractors in becoming CMMC audit ready by implementing technical solutions and developing documentation and policies required by CMMC. In addition, we provide options for ongoing services to maintain compliance after certification.

CMMC SUPPORTS IT MODERNIZATION AND SUPPLY CHAIN SECURITY

CMMC is a new cybersecurity compliance standard that will be required for contractors to bid and win DoD contracts. The Defense Federal Acquisition Regulation interim rule took effect on November 30, 2020 and initial assessments are expected to begin in calendar year 2021.

CMMC-AB authorized RPOs provide advice, consulting, and recommendations to their clients. They are the implementers and consultants, but do not conduct Certified Assessments. They understand the CMMC Standard, and are qualified as:

Aware – Employs staff trained in basic CMMC methodology
Registered Practitioner Staffed – Offers CMMC trained consultative services
Targeted – CMMC assessment preparation
Trusted – Bound by a professional code of conduct

View our listing on the CMMC-AB Marketplace!

Ready to learn more? Our team of cybersecurity professionals would be happy to provide more details about the CMMC requirements, and what they mean for your business. Contact us today!