CMMC Says Goodbye to POAMs
By Chor-Ching Fan Under NIST SP 800-171, Department of Defense (DoD) contractors were considered compliant if they could demonstrate a plan for meeting security requirements at a future date. [...]
By David Trout Many small- and medium-sized businesses (SMBs) are more vulnerable to cyberattack than large enterprises, due to their limited knowledge of cybersecurity practices and budget constraints. A recently [...]
By Chor-Ching Fan With theft of Controlled Unclassified Information (CUI) on the rise, DoD announced the Cybersecurity Maturity Model Certification (CMMC) program on May 24, 2019. CMMC will require [...]
By David Trout When working in the federal IT space, next to proactive security, compliance is everything. Thousands of pages of requirements exist between the Federal Acquisition Regulation (FAR) [...]
By David Trout Controlled Unclassified Information (CUI) is what NIST 800-171 is all about. Once you figure out what it is, then you need to know where it is, [...]
By David Trout NIST 800-171 security controls are purposely designed to be broad, so that individual contractors can adapt them to their operations. While this non-specific approach supports a [...]
By Chor-Ching Fan Finding areas where your security controls are lacking does not mean NIST 800-171 compliance is out of reach. If you are unable to meet all NIST [...]
By David Trout With today’s integrated information systems it can be a challenge to understand where one system ends and another begins. Getting the system boundary right can make [...]
By Chor-Ching Fan The adage “your greatest strength is also your worst weakness” applies to compliance frameworks too. NIST 800-171 requirements were designed to be flexible, which turns out [...]