Velocity Goes Freemium



Our company mission is to “Secure the Planet”.  This means that we aim to provide education and solutions that any company in the world can use to reduce cyber risk.  Our flagship product, Velocity, is a web application (SaaS product) which companies can use to evaluate their own cybersecurity posture as well as to evaluate cyber risks in all of their third-party vendors.  While we strive to have fair pricing and various levels that companies of any size can subscribe to, it’s clear that some organizations simply do not have funds budgeted to spend on cybersecurity or to try new products. We’re moving Velocity to a freemium model so any company can measure their baseline security posture for free.


If we’re serious about securing the planet and providing solutions for all organizations regardless of size and budget, we needed to expand our offerings. From my many years working in the cybersecurity industry, both on the customer side and the consulting side, I know that many organizations do not evaluate their security posture at all. Many of those that do still measure their security posture using an inefficient, often inaccurate, spreadsheet approach. They list every cybersecurity measure that they should be doing in one column, and then they state whether they are completing the task or not in another column. It’s easy, but it is inefficient, painful to manage, and tough to update, and it makes progress difficult to track. Velocity eliminates the need for spreadsheets to measure internal risk with these known frameworks. The free version of Velocity is an easy and economical tool for any company in the world to measure their cybersecurity posture.

What is included?

In the free version of Velocity, companies can evaluate their own security posture using any of several frameworks.  Additionally, companies receive access to dashboards that give critical insight into their security posture.  As an added benefit, companies  eliminate the use of inefficient spreadsheets to evaluate risk.  The frameworks that are included in the free version of Velocity are as follows:

  1. CISA Shields Up – To address increased risk due to Russia’s invasion of Ukraine, the Cybersecurity & Infrastructure Security Agency (CISA) released security guidance for organizations. This free, valuable guidance is built into Velocity. We will continue to update this significant resource on Velocity as the guidance updates and transforms.
  2. CMMC 2.0 Level 1 – In late 2021, the Department of Defense (DoD) released CMMC 2.0, which is designed to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). There are three levels within this model, and most defense contractors will need to adhere to Level 1. Organizations can evaluate their compliance with Level 1 CMMC 2.0 for free within Velocity. The smaller subset of organizations that access more classified information can pay for a Velocity subscription to evaluate their compliance with the higher levels within this framework. Our company pays to have certified CMMC staff. For more information on CMMC, please review our latest article on the subject:
  3. CIS v8 Group 1 – The Center for Internet Security (CIS) has a well-known list of cybersecurity controls that are recommended for all organizations.  The latest version (v8 as of this writing) splits the security framework into three groups depending on the size and cybersecurity maturity of the organization.  The free version of Velocity includes the first group, Implementation Group 1.  Organizations looking to evaluate their maturity with Groups 2 and 3 can upgrade to a paid subscription within Velocity.  Our company pays an annual license fee to utilize this security framework.

How do we pay for this?

We have to pay for this somehow as we definitely cannot help secure the planet if we don’t have the funds to run our product.  While several frameworks (or parts of frameworks) are free, we have over 10 other major security and compliance frameworks that companies can pay a subscription for. We continue to add more frameworks.  We pay subscription fees which we pass on to companies who subscribe to additional features within Velocity.  Additionally, we charge companies to evaluate the security posture of their vendors.  While utilizing the free version, there is an easy path to upgrade to a paid subscription to utilize other frameworks or evaluate vendors.

How do I get my free account?

Go to and create your free account today!


I’m incredibly excited to announce our freemium version of Velocity.  This is the result of months of hard work from an amazing team.  We are so proud of the result and what it can do for the world.  Now that Velocity is offering this freemium model, we see a clear path to making our motto “Secure the Planet” a reality.  Velocity is not going to solve every cybersecurity problem, but it does give organizations actionable items they can perform to reduce risk.  Now any company in the world can measure their baseline security for free on a beautiful web interface.

Jon Sternstein, Founder

CMMC 2.0 Program Update


On November 4, 2021, to safeguard sensitive national security information, the Department of Defense (DoD) launched Cybersecurity Maturity Model Certification (CMMC) 2.0, a comprehensive framework to protect the defense industrial base (DIB) from increasingly frequent and complex cyberattacks. With its streamlined requirements, CMMC 2.0 was created to:

• Cut red tape for small and medium-sized businesses
• Set priorities for protecting DoD information
• Reinforce cooperation between the DoD and industry in addressing evolving cyber threats.

The Department posted the CMMC 2.0 model for Levels 1 and 2 in December with their associated Assessment Guides and scoping guidance. Level 3 information will be posted as it becomes available (currently still under development).

What is CMMC Intended to Protect?

The CMMC model is designed to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) that is shared with contractors and subcontractors of the Department through acquisition programs.

What is FCI?

In alignment with section 4.1901 of the Federal Acquisition Regulation (FAR), FCI is defined as information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as that on public websites) or simple transactional information, such as that necessary to process payments.

What is CUI?

CUI is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls. The CUI Registry provides information on specific CUI categories and subcategories and can be accessed through the National Archives and DoD websites.

Who Must Comply?

The CMMC program includes cyber protection standards for companies in the defense industrial base. By incorporating cybersecurity standards into acquisition programs, CMMC provides the Department assurance that contractors and subcontractors are meeting DoD’s cybersecurity requirements.

By When?

The changes reflected in CMMC 2.0 will be implemented through the rulemaking process. Companies will be required to comply once the forthcoming rules go into effect. The Department intends to pursue formal rulemaking both in Part 32 of the Code of Federal Regulations (C.F.R.) as well as in the Defense Federal Acquisition Regulation Supplement (DFARS) in Part 48 of the C.F.R. Both rules will have a public comment period. Stakeholder input is critical to meeting the objectives of the CMMC program, and the Department will actively seek opportunities to engage stakeholders as it drives towards full implementation.

What Does this Framework Look Like?

CMMC Model 2.0 Levels

How Can Stern Security Help?

Stern Security’s Security & Compliance Architect has become a Registered Practitioner (RP) through the CMMC Accreditation Body (CMMC-AB), and we’ve added both CMMC 2.0 Level 1 and Level 2 to Velocity. We’ve made it easy to self-assess against CMMC 2.0, allowing our customers to prepare for the final versions of this framework. Velocity provides easy-to-understand examples combined with detailed explanations for each control to help our customers simplify their compliance efforts.