Archer has some exciting updates coming out, as the platform has completely eradicated Silverlight from the platform along with releasing significant UI/UX changes and rolling out a CMMC solution.
Archer has now fully removed Silverlight with end-of-life support coming to a close in October. Now shifting some focus away from Silverlight removal, Archer has focused on other changes with the latest release as well. (See the version, expected release date, and technology that will replace Silverlight’s functionality here.)
How should organizations be prepared for the Archer changes to come?
To avoid losing functionalities or falling behind the curve, organizations should plan out regular cadence and operational processes for short-term patching and long-term planning out how to take advantage of changes coming down the pipe. Much like we’re seeing with Silverlight, as new versions are released, the older versions lose parts of their functionality.
These processes can be self-guided by the organizations implementing them, or the organizations may need outside support to guide in strategies and processes and facilitate planning and execution.
How will the CMMC solution help Organizations Seeking Certification (OSCs)?
CMMC compliance will need to be incorporated into existing compliance frameworks for OSCs, including organizations that already employ Archer’s services or small to medium-sized organizations that don’t yet use a GRC program but recognize the need for a GRC tool to achieve and maintain CMMC compliance.
Many of these small-to-medium organizations will be in search of tools that will assist them achieve and maintain their CMMC compliance, because managing risk in word documents or online spreadsheets isn’t optimal when it comes to efficiently managing the scope of work that CMMC compliance entails.
For example, to reiterate the scope of work, with ML3 (where a majority of organizations will need to be here as this is the level required to handle CUI) organizations have 130 practices in scope that all need to be assessed on a 3 year period to attain and maintain CMMC assessment. When that assessment happens, there cannot be any open remediation plans or POA&Ms—everything must be complete and in full compliance at the time of assessment.
With this high level and detail of compliance work required, it will be important for organizations to enable their CMMC initial compliance and ongoing maintenance of compliance with a GRC tool (such as Archer) to gain efficiency when it comes to the process as well as track any findings they’ve had against their CMMC compliance in the past that have been closed and to ensure they are fully compliant at the time of assessment.
The CMMC tools and applications are continually being built out and updated, but the platform currently includes CMMC-specific questionnaires, use cases for CMMC management, and the ability to perform assessments.
Archer has available the CMMC authoritative source framework content and mappings to control standards within the Archer Control Standard Library. Read more here about Archer’s expertise on the CMMC model and cybersecurity best practices.
This document focuses on the CMMC model which measures cybersecurity maturity with five levels and aligns a set of processes and practices with the type and sensitivity of information to be protected and the associated range of threats. The model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the broader community.
What is the expected timing for all of these changes within Archer?
The first priority continues to be removing Silverlight as end-of-life support ends October 2021. With the release of 6.9 SP3, the back-office administrative pages have fully deprecated the use of Silverlight enabling faster user acceptance testing and platform stability.
The CMMC solution for Archer was released in May 2021, but new additions will continue to be released as they are completed.
It’s absolutely essential that companies using Archer stay up-to-date with the platform in order to seamlessly integrate these updates. Organizations using Archer should install SP2 and SP3, if this hasn’t been done already, in order to successfully complete all the infrastructure updates required for newer versions of Archer.
These implementations can be self-guided within the organization, or organizations may elect to bring in an outside team to guide them in the process. As an RPO and C3PAO candidate with several team members that possess a deep knowledge of the Archer platform, Cential can certainly be of assistance to organizations looking to implement the CMMC module or upgrade their Archer platform as a whole.