Select Page
What is CMMC: Cybersecurity Maturity Model Certification?

What is CMMC: Cybersecurity Maturity Model Certification?

CMMC: The Looming Cyber-Security Certification that Affects 60,000+ Companies. 

 

In 2019, the U. S. Department of Defense (DoD) announced a new security protocol program for contractors, called Cybersecurity Maturity Model Certification (CMMC). CMMC is a DoD Certification process that lays out a contractor’s security requirements and it is estimated that between 60,000-70,000 companies will need to become CMMC compliant in the next 1-3 years 

 

CMMC is basically a combination and addition to existing regulations in 48 Code of Federal Regulations (CFR) 52.204-21 and the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, and includes practices from National Institute and Technology (NIST) 800-171, the United Kingdoms’ Cyber Essentials, and Australia’s Essential Eight requirements. International Traffic in Arms Regulations (ITAR) will remain a separate certification from CMMC; though companies that are ITAR Compliant will need to adhere to CMMC as well. 

 

CMMC Version 1.0 was released late January 2020. To view the latest CMMC document, visit the CMMC DoD site. 

 

CMMC Notables 

  • There are 5 Levels of security maturity process (basic is 1 and most stringent is 5) 
  • Any company who directly or even some who indirectly does business with DoD will adhere to CMMC – that means direct DoD contractors and high level CMMC companies’ supply chains must adhere to at minimum base level requirements 
  • No Self-Assessment (unlike NIST) Companies need to get certified through a qualified auditing firm 
  • DoD will publish all contractor’s certification levels requirements 

Is My Business Affected by CMMC? 

 

This is easily answered with a 2-part question: 1, is your business a direct contractor to the DOD, or 2, does your business do business with a company that is a contractor to the DoD*? If you answered “yes” to question 1, then your business will need to be CMMC compliant. If you answered “yes” to number two, then it is very probable that your company will need to be CMMC compliant. 

What are the CMMC Levels? 

  • Level 1 – “Basic Cyber Hygiene”  
    • Antivirus 
    • Meet safeguard requirements of 48 CFR 52.204-21 
    • Companies might be required to provide Federal Contract Information (FCI) 
  • Level 2 – “Intermediate Cyber Hygiene” 
    • Risk Management 
    • Cybersecurity Continuity plan 
    • User awareness and training 
    • Standard Operating Procedures (SOP) documented 
    • Back-Up / Disaster Recovery (BDR) 
  • Level 3 – “Good Cyber Hygiene”
    • Systems Multi-factor Authentication 
    • Security Compliance with all NIST SP 800-171 Rev 1 Requirements 
    • Security to defend against Advanced Persistent Threats (APTs) 
    • Share incident reports if company subject to DFARS 252.204-7012 
  • Level 4 – “Proactive” 
    • Network Segmentation 
    • Detonation Chambers 
    • Mobile device inclusion 
    • Use of DLP Technologies 
    • Adapt security as needed to address changing tactics, techniques, and procedures (TTPs) in use by APTs 
    • Review & document effectiveness and report to high-level management 
    • Supply Chain Risk Consideration* 
  • Level 5 – “Advanced / Progressive” 
    • 24/7 Security Operations Center (SOC) Operation 
    • Device authentication 
    • Cyber maneuver operations 
    • Organization-wide standardized implementation of security protocols 
    • Real-time assets tracking 

One important thing to note about CMMC, is that unlike NIST and other current certifications, CMMC will require certification from an authorized 3rd Party CMMC authorized certification company. Currently, most companies can self-certify for DoD-related securities. EstesGroup is not a CMMC Certification Company, but we can help companies prepare and get their security up to requirements.

For more specifics on CMMC, access the latest DoD’s CMMC Revision.

 

Learn more about CMMC with 5 Ways EstesGroup Helps with Your CMMC Compliance

 

Do you have questions of CMMC or how EstesGroup can help your company with CMMC? You can Contact Us or make a comment in the form below.

 

12 Days of ECHO, Sixth Day: My Admin Gave to Me a Fix for Microsoft IIS Log Sprawl!

12 Days of ECHO, Sixth Day: My Admin Gave to Me a Fix for Microsoft IIS Log Sprawl!

On the Sixth Day of ECHO, my admin gave to me, some tips about Microsoft Internet Information Services (IIS) and log files!

 

Every Epicor E10 and Prophet 21 Middleware server uses Microsoft Internet Information Services (IIS) to get their job done.  And by default, IIS creates a log file on the C: drive for every day it’s running.  Often, we can see how long a server has been running by counting IIS log files.  However, chances are great you don’t ever look at those log files!  Therefore, we recommend disabling the IIS logs in IIS Manager to save the I/O and disk space.  If you need the logs for auditing, we suggest putting them on another volume and marking them with NTFS compression for best performance.  After that, a weekly script to delete the oldest files will keep things neat and trim.  FORFILES /P C:\inetpub\logs /s /*.LOG /D – 30 “cmd /c del @FILE” is my go-to command. 

 

If you liked reading the “Sixth Day of ECHO” return to our main list to read all of the other “12 Days of ECHO” posts.

 

Do you have questions or need assistance with your Epicor system?  Please feel free to Contact Us and see if we can help get your bits and bytes in order.

12 Days of ECHO: EstesGroup ERP Admin Tips and Tricks

12 Days of ECHO: EstesGroup ERP Admin Tips and Tricks

This Holiday Season, EstesGroup would like to give you “12 Days of ECHO” tips and tricks for those ERP System Admins out there.

 

We understand this time of year there is a lot going on for companies, such as: year end preparations, budgeting for the next year, personnel changes, and company shifts, etc. So that being the case, we wanted to bring a bit of humor and help to your holiday.

 

The 12 Days of ECHO:

  1. Epicor ERP SysRow-ID
  2. SQL Licensing
  3. Auto-Login Epicor ERP
  4. SQL 64K Clusters
  5. Too Much RAM for Your Epicor VM
  6. IIS Log Sprawl
  7. Epicor 10 Server Disk Space
  8. SQL Transaction Log Maintenance
  9. SSRS Stealing the Show (CPU)
  10. Epicor Performance Diagnostic Tool PDT for a Sanity Check
  11. Online Transaction Processing vs. Decision Support: How to Find & Avoid Deadlocks
  12. Ransomware 2020, The Good, The Bad, The Ugly

 

For any questions or for assistance this Holiday Season, please Contact Us or let us know below:

 

Much Needed Functionality: Prophet 21’s Rental Management Application

Much Needed Functionality: Prophet 21’s Rental Management Application

To Rent or To Buy – More and More Often, It’s To Rent.

In some ways distribution has not changed over the past 50 years; but in other ways it really has morphed – I know, that statement was non-committal. But take for example product Rental Management. Your customers still want your fantastic product whether that’s cars, industrial equipment, cylinders, furniture, etc. and there is a paper trail to track those rentals and bill appropriately. Unfortunately not many Enterprise Resource Planning (ERP) systems easily track rental products so distributors are forced to look for standalone products and old fashioned paper trails – either way, creating a lot of work arounds or duplication efforts for a company. Epicor recently released a new application for distributors, and I for one, am extremely excited about it.

 

The new Epicor Rentals Management (ERM) solution makes tracking rentals within the Epicor Prophet 21 ERP (P21) simpler and more efficient. ERM handles the actual rental transaction while the P21 application holds all other data like customers, items, accounting, inventory, etc.

 

Prophet 21 (P21) Epicor Rental Management

P21 Rental Management Tracking

Some of the primary benefits of Epicor P21 Rental Management (ERM) are:

  • Efficient Rental Transaction Processing
  • Manages Scheduling and Assignment Processes
  • Flexibility in Pricing Rental Designs
  • Flexibility in Product rentals for day, week, month, mileage, hours used, etc.
  • Simplified contract maintenance
  • Automatic Rental Billing
  • Rental Availability

 

 

What is really nice about the ERM module is that when your customer service or sales team goes to enter in a new rental order, the process is just like any other order in P21 – using the Order Entry Window. With everything setup, the sales associate just enters in the a rental item and P21 switches the order to a Rental Order vs standard Sales Order. Switching to a Rental Order will cause the ERM module to open up and finish the rental processing; with information like state, dates, duration, even serial and lot tracking information.

 

A few of my favorites I’ve seen so far are:

 

Simplified Contract Maintenance

Contracts. Need I say much more before the room starts to groan? Usually contracts are done on paper – sometimes with carbon copies – though often times it’s a matter or printing, signing, and scanning. Thankfully ERM has helped simplify that painful (and let’s face it) rather wasteful process. Within ERM the sales agent can input the data, customer can review the contract and sign for it – making the entire process much simpler. This allows the final contract to be stored electronically with ease, or print or email once finished.

 

 Automatic Rental Billing

The Finance department is going to love this feature. No more grabbing that monthly billing folder / file cabinet / or excel list with customer names and billing frequencies. ERM has automated rental billing which allows finance to set billing intervals and then generate the invoices according to your business schedule.

 

Tracking

Every one loves tracking – dashboards, look up, quick reference, you name it. Having the ability to quickly find the data you need when the customer needs it. The ERM module makes it easy to see rentals by customer, rental product type, etc.

 

Let’s face it, at the end of the day, being a rental business is hard work. Unlike most manufacturers and non-rental distributors – who have little need to track their products once the item has shipped – you need to know who, where, how long, at what price, etc. and then rinse-and-repeat for the next customer. Epicor’s Prophet 21 Rental Management solution solves a large functionality gap for distributors.

 

To end this on a light note; I recently heard a funny rental joke:

 

Why was the mole’s rental fee so costly?

Because he burrowed and never returned

 

Questions or feedback on this article? Wanting more information on Prophet 21 ERP or P21 Rental Management? Let us know.

Announcement: EstesGroup Awarded Epicor Managed Hosting Partner Certification

Announcement: EstesGroup Awarded Epicor Managed Hosting Partner Certification

Hosted Epicor Certified PartnerWe are proud to announce that EstesGroup is an Epicor Software Corporation Certified Managed Hosting Partner. EstesGroup is certified to host Epicor ERP and host Prophet 21 ERP systems. 

 

We are the only Epicor Partner to be Certified for Epicor Hosting, Epicor ERP Sales & Implementations, and Prophet 21 ERP Sales & Implementations.

 

This accreditation means that EstesGroup has met and exceeded Epicor Software Corporation’s rigid data center and expertise capability requirements for being awarded Certified Hosting Partner status. To learn more about these requirements please contact us.

 

“We are honored to be an Epicor-Certified Managed Hosting Partner for Epicor Software Corporation, and the only hosting partner to be certified for Epicor ERP and Prophet 21 ERP systems,” said Bruce Grant, CEO of EstesGroup. “Our company has both functional and technical consultants on staff who know Epicor ERP and Prophet 21 systems.  This means we not only know Managed IT, but we know the industry’s best-practice business processes and the underlying software as well. We provide a full-service solution to fit our clients’ needs.”

 

Epicor Software’s Chief Information Officer Rich Murr said, “Epicor and I would like to congratulate EstesGroup for becoming a Certified Epicor Managed Hosting Partner. EstesGroup has a long history in working with Epicor Software Corporation and our clients as a reseller and implementation consulting organization. Last year they became the first and only US Partner to be certified in Epicor ERP and Prophet 21, and now they achieved Hosting Partner for those products as well. EstesGroup continues to provide clients with a solid foundation of experienced consultants and high level hosting standards. We are looking forward to continued growth and excellent service with the EstesGroup team.”

 

EstesGroup is Certified by Epicor Software Corporation to host and manage clients’ Epicor ERP and Prophet 21 ERP systems. As a Certified Managed Hosting Provider, EstesGroup guarantees better than 99.5% uptime Service Level Agreements (SLAs) for clients’ ERP systems (to see EstesGroup’s 99.7% SLA click here).  EstesGroup is also a Microsoft Cloud Services Partner with SQL Administration, Security Administration, O365, MS Exchange, and Disaster & Recovery expertise.

 

To learn more about EstesGroup’s EstesCloud Epicor Hosting, visit our Epicor ERP Hosting page.

Contact EstesGroup today to learn more about Epicor ERP Hosting or Prophet 21 ERP Hosting.

 

 

 

 

 

About EstesGroup

 

Headquartered in beautiful Loveland Colorado, and established in 2004, EstesGroup (www.estesgrp.com) employees averages 25+ years of discrete manufacturing and distribution industry experience which they leverage to ensure client success. Their employees are spread-out throughout the United States which maximizes talent and local presence for their clients. EstesGroup is a certified reseller, certified implementor, and certified hosting provider for Prophet 21 and Epicor ERP 10. They implement full service cloud, hosted, or on-premise solutions based on client needs and requirements.

 

 

About Epicor Software Corporation           

 

Epicor Software Corporation (www.epicor.com) is headquartered in Austin, Texas, and is a manufacturer of Enterprise Resource Planning software solutions. Today, over 20,000 customers in 150 countries around the world rely Epicor’s  expertise and solutions to improve performance and profitability.

 

Epicor and the Epicor logo are trademarks of Epicor Software Corporation, registered in the United States and other countries. Other trademarks used are the property of their respective owners. The product and service offerings depicted in this document are produced by EstesGroup and/or Epicor Software Corporation.