By Chor-Ching Fan When the recently released CMMC Interim Rule (DFARS Case 2019-D041) takes effect on November 30, 2020, the Department of Defense (DoD) will require defense contractors to [...]
DoD CMMC 1.0 Spec Released! What are My Options? By Chor-Ching Fan and David Hall The DoD Cybersecurity Maturity Model Certification (CMMC) intends to be the new best way [...]
By Chor-Ching Fan Under NIST SP 800-171, Department of Defense (DoD) contractors were considered compliant if they could demonstrate a plan for meeting security requirements at a future date. [...]
By David Trout Many small-and medium-sized businesses (SMBs) are more vulnerable to cyberattack than large enterprises, due to their limited knowledge of cybersecurity practices and budget constraints. A recently [...]
By Chor-Ching Fan With theft of Controlled Unclassified Information (CUI) on the rise, DoD announced the Cybersecurity Maturity Model Certification (CMMC) program on May 24, 2019. CMMC will require [...]
by David Trout When working in the federal IT space, next to proactive security, compliance is everything. Thousands of pages of requirements exist between the Federal Acquisition Regulation (FAR) [...]
By David Trout Controlled Unclassified Information (CUI) is what NIST 800-171 is all about. Once you figure out what it is, then you need to know where it is, [...]
By David Trout NIST 800-171 security controls are purposely designed to be broad, so that individual contractors can adapt them to their operations. While this non-specific approach supports a [...]
By Chor-Ching Fan Finding areas where your security controls are lacking does not mean NIST 800-171 compliance is out of reach. If you are unable to meet all NIST [...]
By David Trout With today’s integrated information systems it can be a challenge to understand where one system ends and another begins. Getting the system boundary right can make [...]
