Filling in the Blanks: NIST SP 800-171 Rev 3 and the DoD’s Organization-Defined Parameters
When I was a kid, there was a cartoon called Chowder on good ole’ Cartoon Network. It was a dearly beloved show in the Molter
When I was a kid, there was a cartoon called Chowder on good ole’ Cartoon Network. It was a dearly beloved show in the Molter
A Rule That Was Written Before the iPhone Existed Let me put something in perspective for you. The HIPAA Security Rule (the regulation that governs how covered
Insert Coin: Introduction If you’ve ever played a video game sequel, you know the feeling. The first game took you hundreds of hours. You learned the mechanics, figured out
When the Rules and Reality Don’t Quite Line Up A few days ago, as I was preparing myself a nutritious midnight snack, a bowl of Cap’n Crunch cereal. Don’t shame me. It has some vitamins
Picture two organizations virtually identical in size, industry, systems, and Controlled Unclassified Information (CUI) environment going through their CMMC Level 2 Certification Assessment on the same week. One walks
Connect the Clues: Introduction You’ve probably seen at least one detective show in your lifetime. Whether it was a grizzled, old-school investigator with a corkboard
Hyperactive Imagination: Introduction What comes to mind when you think about data at rest being protected? Do you think about three-dimensional ones and zeros with
That Shepherd Boy Looks Familiar! As I prepare to talk about the Cost of CMMC, I’d like to ask you to reminisce with me. Do
For Managed Service Providers (MSPs), offering GRC as a Service (GRCaaS) may be an overlooked revenue opportunity in today’s regulated market. While many MSPs have avoided governance, risk,
If you work in the world of Cybersecurity Maturity Model Certification (CMMC), you already know the buzzwords: System Security Plan (SSP), Plan of Action and