Blog
2018-08-04T20:45:56-04:00

Keep up-to-date on our latest thoughts about Information Security at Peak InfoSec

The Blogs & Vlogs on this page represent one of our core values: Pass on our knowledge to both businesses and the Information Security community. Our goal is to leave the up-and-coming generation of Information Security Professionals and their C-Suite executives better prepared for future Information Security risks.

Why? Because there is nothing really new under the sun, and we have found that lessons dating back to mainframes, bus-and-tag, and dial-up connections are just as applicable today.

The Blogs, Vlogs, and other content on the site reflect that commitment.

Please share your feedback and add your wisdom via our comments.

As the CMMC Churns | CUI Litmus Test: How to identify CUI in your environment

Is your organization struggling to identify CUI in your environment? Does your organization know the key tenets to identify CUI? If so, this As the CMMC Churns will help your organization. This video will explain the three main tenets plus the traps you may run into for the 3rd tenet, "Does the information match a CUI Registry Category?" [...]

As the CMMC Churns | Assessors and Toddlers

Is your organization getting ready to undergo a formal Conformity Assessment for NIST SP 800-171? If so, you need to watch this video!!! With the uptick in non-voluntary and Joint Surveillance Voluntary Assessments (JSVA) done by the Defense Industrial Base Cybersecurity Assurance Center (DIBCAC), understanding the mindset of your Assessor (cough "toddler") is critical for your survival. In [...]

As the CMMC Churns | NIST SP 800-171 3.13.7, “Split Tunneling,” Security Requirement

Are you trying to understand the 3.13.7, “Split Tunneling” Security Requirement in NIST SP 800-171 Rev 2 (and draft Rev 3)? Like all of the requirements, there are nuances in the actual Security Requirement, “Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split [...]

As the CMMC Churns | NIST SP 800-171 Rev 3 Draft and Federal Math

DO NOT watch this if you are a Defense Industrial Base (DIB) Contractor. You have real work to do by implementing NIST SP 800-171 Revision 2. Here is what you need to do: Ignore all of the CMMC Ecosystem Drama around the NIST SP 800-171 R3 Draft for the next two years. Add a Risk Registry to "Monitor" [...]

As the CMMC Churns | 4 Ways to Demonstrate NIST SP 800-171 Compliance

BREAKING NEWS from "As the CMMC Churns".... The Cyber-AB, with DoD's implicit blessing, is now allowing Authorized C3PAOs to conduct formal NIST SP 800-171 Assessments for organizations both inside and outside of the Defense Industrial Base. This is great news because DIBCAC Joint Voluntary Surveillance Assessments (JVSA) are constricted by DoD Lawyers to Prime contractors and companies identified [...]

Information Security Turnaround Specialists
