Information Security Resources

3.10.6 Alternate Work Sites

April 19th, 2024|Categories: As the CMMC Churns, understanding the requirements|Tags: , , , , , , , |

Is your organization struggling to understand how to approach the NIST SP 800-171 3.10.6 Security Requirement for Alternate Work Sites?  What is allowed and what an assessor may be looking for? In this CMMC Churns, we dive [...]

Requirements have Relationships

March 6th, 2024|Categories: As the CMMC Churns|Tags: , , , , |

I’ll bet you didn’t know the Security Requirements in NIST SP 800-171 have relationships. We see people just jumping into NIST SP 800-171 compliance helping organizations and even CMMC Certified Assessors failing to understand how one requirement [...]

Approve, the Forgotten Verb

February 25th, 2024|Categories: As the CMMC Churns, understanding the requirements|Tags: , , , , , , |

Did you know one of the most prolific failures for an organization's self-assessments and those seeking certification during a conformity assessment under Cybersecurity is their documentation?  Approvals. For some crazy reason organizations think draft documentation, settings that [...]

32 CFR Part 170 Word Document

January 8th, 2024|Categories: CMMC, Compliance, DFARS & NIST SP 800-171, Information Security, whItepapers|Tags: , , , , , , , , , , , |

Here is the MS Word version of the Draft 32 CFR Part 170, CMMC Program rule: PART_170—CYBERSECURITY_MATURITY MODEL_CERTIFICATION_PROGRAM

3.13.7 and Split Tunneling

June 22nd, 2023|Categories: As the CMMC Churns, understanding the requirements|Tags: , , , , |

Are you trying got understand the 3.13.7 and Split Tunneling Security Requirement in NIST SP 800-171 Rev 2 (and draft Rev 3?? Like all of the requirements, there are nuances in the actual Security Requirement, “Prevent remote [...]

Tips about FIPS Part 2

March 31st, 2023|Categories: As the CMMC Churns, understanding the requirements|Tags: , , , , |

Has 3.13.11, the use of FIPS-validated encryption, sent your organization through the Seven Stages of CMMC Grief? Does the use of FIPS-validated encryption have you befuddled?  Tips about FIPS Part 2 continues address the most common DIBCAC [...]

Security Tactics for Specialized Assets

January 19th, 2023|Categories: As the CMMC Churns|Tags: , , , , , |

Does your business have CMMC-defined Specialized Assets? Are you struggling to determine how to apply NIST SP 800-171 requirements to them? This As the CMMC Churns episode, Security Tactics for Specialized Assets, is for you. In this [...]

NIST SP 800-171 and CMMC Level 2 Assessment Scoping Process Diagram

January 4th, 2023|Categories: Infographic|Tags: , , , , , , , , , , , |

The process diagram is used to: Classify components per the NIST SP 800-171 Scope of Applicability Then categorize those components per the CMMC Level 2 Assessment Scoping Guide A separate diagram for classifying and categorizing roles will [...]

Information Security Turnaround Specialists