3.10.6 Alternate Work Sites
Is your organization struggling to understand how to approach the NIST SP 800-171 3.10.6 Security Requirement for Alternate Work Sites? What is allowed and what an assessor may be looking for? In this [...]
The Three Types of Evidentiary Objects
Did you know there are three general types of Examination Assessment Objects in NIST SP 800-171A? Well, we looked at all 879 listed Examination Assessment Objects in 171A and realized there are three [...]
Your SSP Sucks, Seriously.
Sorry to tell many of you, your NIST SP 800-171 required System Security Plan (SSP) sucks. As the start of CMMC draws nearer, we are now seeing more SSPs by other companies and, [...]
Requirements have Relationships
I’ll bet you didn’t know the Security Requirements in NIST SP 800-171 have relationships. We see people just jumping into NIST SP 800-171 compliance helping organizations and even CMMC Certified Assessors failing to [...]
Approve, the Forgotten Verb
Did you know one of the most prolific failures for an organization's self-assessments and those seeking certification during a conformity assessment under Cybersecurity is their documentation? Approvals. For some crazy reason organizations think [...]
CMMC Rule, an Executive Summary
The new Cybersecurity Maturity Model Certification (CMMC) rule was published on 22 December 2023. While many of the "in the weeds" details are new and worthy of later discussion, this "As the CMMC [...]
CUI Litmus Test
Find out about the CUI Litmus test if your organization struggling to identify CUI in your environment. Does your organization know the key tenets to identify CUI? If not, this [...]
Assessors and Toddlers
Is your organization getting ready to undergo a formal Conformity Assessment for NIST SP 800-171? If so, you need to watch this video!!! You need to understand the similarities between Assessors and Toddlers. With [...]
3.13.7 and Split Tunneling
Are you trying got understand the 3.13.7 and Split Tunneling Security Requirement in NIST SP 800-171 Rev 2 (and draft Rev 3?? Like all of the requirements, there are nuances in the actual [...]
NIST SP 800-171 Rev 3 Draft
DO NOT watch this if you are a Defense Industrial Base (DIB) Contractor. You have real work to do by implementing NIST SP 800-171 Revision 2 versus finding out about the NIST SP [...]
4-Ways to Demonstrate Compliance
BREAKING NEWS from "As the CMMC Churns".... There are now 4-Ways to Demonstrate Compliance. The Cyber-AB, with DoD's implicit blessing, is now allowing Authorized C3PAOs to conduct formal NIST SP 800-171 Assessments for [...]
Overengineering for CMMC
Are you Overengineering for CMMC? Has your business made the implementation of NIST SP 800-171 harder than it needs to be? Are your employees using one device for CUI work and another for [...]
VM for Remote Workers
VM for Remote Workers underwent a massive shift due to COVID-19 that changed how the United States and the world operate. It impacted operations and drove changes under NIST SP 800-171/CMMC for remote [...]
Tips about FIPS Part 2
Has 3.13.11, the use of FIPS-validated encryption, sent your organization through the Seven Stages of CMMC Grief? Does the use of FIPS-validated encryption have you befuddled? Tips about FIPS Part 2 continues address [...]
Tips about FIPS Part 1
Has 3.13.11, the use of FIPS validated encryption, sent your organization through the Seven Stages of CMMC Grief? Does the use of FIPS validated encryption have you befuddled? This is Part 1 on [...]
DIBCAC Gaps
Did you know the Defense Industrial Based Cybersecurity Assessment Center (DIBCAC) posted slides about what NIST SP 800-171 requirements were "Other Than Satisfied"? These are the DIBCAC Gaps. In [...]
Apple MacOS and CMMC
Apple MacOS and CMMC??? Does your business use Apple MacOS devices? Do you also have to implement NIST SP 800-171 and be CMMC accredited? Good news!!! Apple MacOS devices can be setup to fulfill [...]
Documenting Your Scope
Are looking to understand documenting your scope for your SSP? How does the NIST SP 800-171 Scope of Applicability and CMMC Assessment Scope fit in the SSP? In this At the CMMC Churns, [...]
Security Tactics for Specialized Assets
Does your business have CMMC-defined Specialized Assets? Are you struggling to determine how to apply NIST SP 800-171 requirements to them? This As the CMMC Churns episode, Security Tactics for Specialized Assets, is [...]
Acq101 and CMMC Rule-Update #1
How will the changes to the CMMC Rule going final affect your business? Acq101 and CMMC Rule-Update #1 is the point of this special edition of As the CMMC Churns will help to clarify. [...]
To Enclave or not to Enclave, that is the question
To Enclave or not to Enclave, that is the question… In this As the CMMC Churns, we look into enclaving. We also look into the most common pitfalls businesses do when making an [...]
Twas the night before the CMMC rule drop
A special fireside reading from As the CMMC Churns of Twas the night before the CMMC rule drop. Twas the night before the CMMC rule drop, when all through the C3PAO Not an [...]
Implementing CMMC Myth Busted!
Time to do some more debunking. Implementing CMMC Myth Busted tackles the belief DIB contractors need to implement the Cybersecurity Maturity Model Certification (CMMC). There is a belief that Defense Industrial Base contractors [...]
The Three Descoping Methods
Three. Three. Yes, three descoping methods to take components out of your NIST SP 800-171 Scope of Applicability. “But Matt, there are only two isolation techniques listed in NIST SP 800-171 para 1.1” [...]
Social Contact