In practice, SPA/CSP/ESP split important hairs and are often confused. Each label has crucially specific connotations for CMMC assessments.

“Most companies think they’re ready. They are not. CMMC is brutal , and the sooner businesses accept that, the better chance they have of...

According to the DoD, uploading a NIST self-assessment score is supposed to be as easy as an easy-bake pie. If you are a prime already...

CMMC is an enterprise challenge — not just an IT challenge...this blog focuses on efforts required to negotiate contract specificity and...

I would assert that CMMC is by far the most challenging cybersecurity assessment methodology ever; the federal compliance Mt. Everest.

Many companies today are working to update their SPRS score. The standard model for this is to conduct an assessment, assign a score,...

Well, the short answer is because you have to because they make you. Wait, evidence locker appears nowhere in the rule. You are making...

I have completed my initial skim of the 470 pages of the 32CFR170 Final Rule. I think it's a huge improvement over the proposed version.

Cybersecurity Maturity Model Certification (CMMC) includes a list of controls that dictate training requirements for relevant employees:...

The DoD is rolling out their new cybersecurity audit plan around NIST SP 800-171: Cybersecurity Maturity Model Certification, or CMMC....

This ‘power’ allows organizations to define crucial variables for themselves as they document their information security architecture.

Tip 1. You're not too small to be a target.  I once had a person in a major corporation say to me, “We are a soap and diaper company. Who...

Ah, documentation.  The most beloved part of every cybersecurity and IT professional's day. If only they could have more paperwork, then...

Controlled Technical Information (CTI) is really at the heart of what DoD wants/needs to have protected as a part of many ongoing DoD...

Microsoft's introduction of the Copilot+ Recall feature has sparked significant concern within the cybersecurity and compliance...

The CMMC ecosystem has experienced a major increase in activity in 2024.This ramp-up has seen us lean on a number of new analogies when...

How often should our company review our compliance with the NIST SP 800-171 security requirements?

On January 27th, 2017 the DoD published the “Networking and Penetration Reporting and Contracting for Cloud Services (DFARS Case...

The origin story of Cybersecurity Maturity Model Certification (CMMC) goes back more than 20 years. Having roots in 32 CFR 2002, the...

What the heck is this spurrrs thing people keep talking about? And why did my prime just ask us if we have one? The Supplier Performance...