Chloe Bernard
Jan 3 · 2 min read
How to Simplify the PIEE Recipe
According to the DoD, uploading a NIST self-assessment score is supposed to be as easy as an easy-bake pie. If you are a prime already...
Milt Songy
Dec 19, 2024 · 5 min read
CMMC and Contract Negotiation
CMMC is an enterprise challenge — not just an IT challenge...this blog focuses on efforts required to negotiate contract specificity and...
Vincent Scott
Dec 12, 2024 · 3 min read
CMMC: Compliance Mt. Everest
I would assert that CMMC is by far the most challenging cybersecurity assessment methodology ever; the federal compliance Mt. Everest.
Vincent Scott
Nov 18, 2024 · 3 min read
When do I get the points?
Many companies today are working to update their SPRS score. The standard model for this is to conduct an assessment, assign a score,...
Chloe Bernard
Nov 4, 2024 · 4 min read
What's an Evidence Locker, and why do I need one?
Well, the short answer is because you have to because they make you. Wait, evidence locker appears nowhere in the rule. You are making...
Vincent Scott
Oct 24, 2024 · 2 min read
32 CFR 170 Final Rule: 10 Initial Impressions
I have completed my initial skim of the 470 pages of the 32CFR170 Final Rule. I think it's a huge improvement over the proposed version.
Shelby Scott
Oct 15, 2024 · 3 min read
What kind of training does a L2 CMMC require?
Cybersecurity Maturity Model Certification (CMMC) includes a list of controls that dictate training requirements for relevant employees:...
Vincent Scott
Sep 26, 2024 · 3 min read
Do I Need to Have a SIEM for CMMC?
The DoD is rolling out their new cybersecurity audit plan around NIST SP 800-171: Cybersecurity Maturity Model Certification, or CMMC....
Shelby Scott
Aug 28, 2024 · 6 min read
The Power of Definition
This ‘power’ allows organizations to define crucial variables for themselves as they document their information security architecture.
Vincent Scott
Aug 7, 2024 · 4 min read
10 Cybersecurity Tips for Small Business
Tip 1. You're not too small to be a target. I once had a person in a major corporation say to me, “We are a soap and diaper company. Who...
Vincent Scott
Jul 22, 2024 · 10 min read
The Challenge of CMMC Documentation
Ah, documentation. The most beloved part of every cybersecurity and IT professional's day. If only they could have more paperwork, then...
Vincent Scott
Jul 10, 2024 · 2 min read
Mini Blog: CTI in a Nutshell
Controlled Technical Information (CTI) is really at the heart of what DoD wants/needs to have protected as a part of many ongoing DoD...
Nick Martin
Jun 10, 2024 · 6 min read
Understanding Microsoft Windows Copilot+ Recall
Microsoft's introduction of the Copilot+ Recall feature has sparked significant concern within the cybersecurity and compliance...
Shelby Scott
May 24, 2024 · 4 min read
COOEY Kittens!
The CMMC ecosystem has experienced a major increase in activity in 2024. This ramp-up has seen us lean on a number of new analogies when...
Jacob Scott
Apr 18, 2024 · 2 min read
What is Periodic?
How often should our company review our compliance with the NIST SP 800-171 security requirements?
Jacob Scott
Apr 4, 2024 · 3 min read
DFARS FAQ and Contractor Noncompliance
On January 27th, 2017 the DoD published the “Networking and Penetration Reporting and Contracting for Cloud Services (DFARS Case...
Shelby Scott
Feb 26, 2024 · 8 min read
CMMC Myths
The origin story of Cybersecurity Maturity Model Certification (CMMC) goes back more than 20 years. Having roots in 32 CFR 2002, the...
Vincent Scott
Feb 5, 2024 · 7 min read
How to conduct a DoD Cyber Self-Assessment?
What the heck is this spurrrs thing people keep talking about? And why did my prime just ask us if we have one? The Supplier Performance...
Vincent Scott
Jan 10, 2024 · 4 min read
88 MPH: CMMC 2.11 Draft Rule and the DIB's Need for Speed
On 22 Dec (pre-release) or 26 Dec (official inclusion in the Federal Register) the DoD and OMB released the new Title 32CFR170 CMMC Rule....
Vincent Scott
Dec 4, 2023 · 2 min read
Be Better, Not Perfect
For Defense Industrial Base (DIB) companies, it has been a long 3 years in cybersecurity. In 2020 the DoD published the interim-final...