2.1
On August 4, the Office of Management Budget (OMB) released a series of documents detailing updates to the Cybersecurity Maturity Model...
top of page
Shelby Scott
- Jul 26
- 3 min
Alternative Control Guidance
On January 27th, 2017 the DoD published the “Networking and Penetration Reporting and Contracting for Cloud Services (DFARS Case...
Nick Martin
- Jul 7
- 6 min
TikTok Ban in Effect: FAR 52.204-27 Interim Rule
Last month, the Office of Management and Budget’s (OMB’s) memorandum requiring the removal of TikTok from government devices impacted the...
Shelby Scott
- Jul 5
- 4 min
Here Comes the Airplane: A Glance at the Near-Future of Cyber Rulemaking
In the wake of NIST 800-171 Revision 3, the near-future of information security has been discussed at length across the Defense...
Shelby Scott
- Jun 28
- 3 min
The First 72
On January 27th, 2017 the DoD published the “Networking and Penetration Reporting and Contracting for Cloud Services (DFARS Case...
Nick Martin
- Jun 21
- 4 min
Google Workspace for the DIB?
The manufacturing and critical infrastructure sectors in the United States are under threat. In particular, Defense Industrial Base (DIB)...
Shelby Scott
- May 17
- 4 min
The Gist of NIST SP800-171r3
Last week, the National Institute of Standards and Technology (NIST) published a draft revision of Special Publication (SP) 800-171. SP...
Vincent Scott
- Apr 28
- 3 min
DoD Guidance on Control Flexibility
On January 27th, 2017 the DoD published the “Networking and Penetration Reporting and Contracting for Cloud Services (DFARS Case...
Shelby Scott
- Apr 19
- 4 min
CMMC Tracking: Three Pro Tips
The most current version of Cybersecurity Maturity Model Certification includes 110 practices or security requirements, also called...
Shelby Scott
- Apr 5
- 5 min
Auntie Em! Auntie Em! It’s an Acronym!
The yellow brick road to Cybersecurity Maturity Model Certification (CMMC) is paved with one thing. Acronyms. In order to take your...
Shelby Scott
- Mar 29
- 3 min
Are You Late For a Very Important Date?
On January 27th, 2017 the DoD published the “Networking and Penetration Reporting and Contracting for Cloud Services (DFARS Case...
Vincent Scott
- Mar 22
- 2 min
I FAQ, Therefore I Am
On January 27th, 2017 the DoD published the “Networking and Penetration Reporting and Contracting for Cloud Services (DFARS Case...
Shelby Scott
- Mar 8
- 4 min
'Love' is a Verb. So is 'Identified.'
If you’ve ever picked up a self-help book, you may have come across the phrase “love is a verb.” This adage is designed to draw attention...
Vincent Scott
- Feb 1
- 2 min
Micro Blog - 3 Questions about POA&M
What is a POA&M and when do I need one? According to NIST SP 800-37 Rev. 2, a Plan of Actions and Milestones (POAM or POA&M) is, “A...
Vincent Scott
- Jan 18
- 2 min
Micro Blog - 3 Questions about Potential CMMC Changes
Is the new CMMC rule going to be a draft rule or an interim final rule? While an interim final rule was originally scheduled for release...
Vincent Scott
- Nov 26, 2022
- 4 min
'The Fifth Risk' of Vulnerability Management
As seen on GRC Viewpoint: https://lnkd.in/dHQjaGQz. Maintaining an environment which centralizes not only the protection, but the...
Jack Poltorak
- Oct 11, 2022
- 1 min
Microsoft Exchange Server – Two Zero Day Vulnerabilities Found
On September 29th, Microsoft announced Zero Day vulnerabilities which affect the 2013, 2016 and 2019 versions of Microsoft Exchange. Note...
Vincent Scott
- Jul 1, 2022
- 3 min
Handling CUI
This question of U.S. ONLY and CUI comes up a lot. To be clear, although I have deep experience on the sharing of intelligence...
Vincent Scott
- Jun 21, 2022
- 4 min
DIB Contractors should start considering an Evidence Locker for CMMC
Organizations seeking certification, or OSC, in the Defense Industrial Base (DIB) should start considering the creation and maintenance...
Vincent Scott
- Jun 1, 2022
- 4 min
CMMC Rollout: Where to Next?
Several people have asked me about this one. I posted this in the NDIA forum a week or so ago to generate discussion there on the current...
bottom of page