Information Security Resources

As the CMMC Churns | 3.10.6 Alternate Work Sites

April 19th, 2024|Categories: As the CMMC Churns, CMMC, Compliance, DFARS & NIST SP 800-171

Is your organization struggling to understand how to approach 3.10.6, Alternate Work Sites? What is allowed, and what might an assessor be looking for? In this CMMC Churns, we dive into 3.10.6, Enforce safeguarding measures for CUI [...]

As the CMMC Churns | The Three Types of Evidentiary Objects

April 8th, 2024|Categories: As the CMMC Churns, CMMC, DFARS & NIST SP 800-171, Information Security, VLOG

Did you know there are three general types of Examination Assessment Objects in NIST SP 800-171A? Well, we looked at all 879 listed Examination Assessment Objects in 171A and realized there are three main types.  There is [...]

As the CMMC Churns | Your SSP Sucks, Seriously.

March 28th, 2024|Categories: As the CMMC Churns, CMMC, DFARS & NIST SP 800-171, Information Security, VLOG

Sorry to tell many of you, your System Security Plan (SSP) sucks.  As the start of CMMC draws nearer, we are now seeing more SSPs by other companies and, well, they miss the mark and are not [...]

As the CMMC Churns | Requirements have Relationships

March 6th, 2024|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

I’ll bet you didn’t know the Security Requirements in NIST SP 800-171 have relationships. We see people just jumping into NIST SP 800-171 compliance helping organizations and even CMMC Certified Assessors failing to understand how one requirement [...]

As the CMMC Churns | Approve, the Forgotten Verb

February 25th, 2024|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

Did you know one of the most prolific failures for an organization's self-assessments and those seeking certification under Cybersecurity is their documentation? For some crazy reason organizations think draft documentation, settings that were just simply created by [...]

32 CFR Part 170 Word Document

January 8th, 2024|Categories: CMMC, Compliance, DFARS & NIST SP 800-171, Information Security, whItepaper

Here is the MS Word version of the Draft 32 CFR Part 170, CMMC Program rule: PART_170—CYBERSECURITY_MATURITY MODEL_CERTIFICATION_PROGRAM

As the CMMC Churns | CMMC Rule, an Executive Summary

January 1st, 2024|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

The new Cybersecurity Maturity Model Certification (CMMC) rule was published on 22 December 2023. While many of the "in the weeds" details are new and worthy of later discussion, this "As the CMMC Churns" video focuses on [...]

As the CMMC Churns | CUI Litmus Test: How to identify CUI in your environment

July 6th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

Is your organization struggling to identify CUI in your environment? Does your organization know the key tenets to identify CUI? If so, this As the CMMC Churns will help your organization. This video will explain the three [...]

As the CMMC Churns | Assessors and Toddlers

June 28th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

Is your organization getting ready to undergo a formal Conformity Assessment for NIST SP 800-171? If so, you need to watch this video!!! With the uptick in non-voluntary and Joint Surveillance Voluntary Assessments (JSVA) done by the [...]

As the CMMC Churns | NIST SP 800-171 3.13.7, “Split Tunneling,” Security Requirement

June 22nd, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

Are you trying to understand the 3.13.7, “Split Tunneling” Security Requirement in NIST SP 800-171 Rev 2 (and draft Rev 3)? Like all of the requirements, there are nuances in the actual Security Requirement, “Prevent remote devices [...]

As the CMMC Churns | NIST SP 800-171 Rev 3 Draft and Federal Math

May 19th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

DO NOT watch this if you are a Defense Industrial Base (DIB) Contractor. You have real work to do by implementing NIST SP 800-171 Revision 2. Here is what you need to do: Ignore all of the [...]

As the CMMC Churns | 4 Ways to Demonstrate NIST SP 800-171 Compliance

May 5th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

BREAKING NEWS from "As the CMMC Churns".... The Cyber-AB, with DoD's implicit blessing, is now allowing Authorized C3PAOs to conduct formal NIST SP 800-171 Assessments for organizations both inside and outside of the Defense Industrial Base. This [...]

As the CMMC Churns | Overengineering for CMMC

April 27th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

Has your business made the implementation of NIST SP 800-171 harder than it needs to be? Are your employees using one device for CUI work and another for normal work? If so, there is a good chance [...]

As the CMMC Churns | Vulnerability Management for Remote Workers

April 23rd, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

COVID-19 was a massive catalyst to change how the United States and the world operate. Businesses and the Federal Government had to shift to work from home on an unprecedented schedule. It forced businesses to transform all [...]

As the CMMC Churns | CMMC FUD

April 5th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

There is a lot of CMMC-related Fear, Uncertainty, and Doubt (FUD) being used to goad Defense Industrial Base (DIB) companies into implementing NIST SP 800-171 and getting ready for CMMC. While we are 1000% for the DIB [...]

As the CMMC Churns | Tips about FIPS Part 2

March 31st, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

Has 3.13.11, the use of FIPS-validated encryption, sent your organization through the Seven Stages of CMMC Grief? Does the use of FIPS-validated encryption have you befuddled? FIPS is confusing and complicated. In this episode of "As the [...]

As the CMMC Churns | Tips about FIPS Part 1

February 16th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

Has 3.13.11, the use of FIPS-validated encryption, sent your organization through the Seven Stages of CMMC Grief? Does the use of FIPS-validated encryption have you befuddled? FIPS is confusing and complicated. In this episode of [...]

DIBCAC Gaps

February 9th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

Did you know the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) posted slides about which NIST SP 800-171 requirements were "Other Than Satisfied"? In this episode of As the CMMC Churns we will take a look at [...]

As the CMMC Churns | Apple MacOS and CMMC

February 2nd, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

Does your business use Apple MacOS devices? Do you also have to implement NIST SP 800-171 and be CMMC accredited? Good news!!! Apple MacOS devices can be set up to fulfill NIST SP 800-171 and pass a CMMC [...]

As the CMMC Churns | Documenting Your Scope

January 26th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

Are you looking to understand how to document your SSP? How does the NIST SP 800-171 Scope of Applicability and CMMC Assessment Scope fit in the SSP? In this "As the CMMC Churns," we take the Scope of [...]

As the CMMC Churns | Security Tactics for NIST SP 800-171 & CMMC “Specialized Assets”

January 19th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

Does your business have CMMC-defined "Specialized Assets"? Are you struggling to determine how to apply NIST SP 800-171 requirements to them? In this "As the CMMC Churns," we take a look at "Specialized Assets," or when broken [...]

As the CMMC Churns | Acquisition 101 and the CMMC Rule… [Update #1]

January 12th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

How will the changes to the CMMC Rule going final affect your business? This special edition of As the CMMC Churns will help to clarify. Matt Titcombe, the CEO of Peak InfoSec, will put on his old [...]

As the CMMC Churns | To Enclave or not to Enclave, that is the question

January 5th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

"To Enclave or not to Enclave, that is the question…" In this "As the CMMC Churns," we look into "enclaving." We also look into the most common pitfalls businesses do when making an enclaving decision--falling back into [...]

NIST SP 800-171 and CMMC Level 2 Assessment Scoping Process Diagram

January 4th, 2023|Categories: CMMC, Compliance, DFARS & NIST SP 800-171, Information Security, whItepaper

The process diagram is used to: classify components per the NIST SP 800-171 Scope of Applicability, then categorize those components per the CMMC Level 2 Assessment Scoping Guide. A separate diagram for classifying and categorizing roles will [...]

As the CMMC Churns | ‘Twas The Night Before the Final Rule Drop

December 22nd, 2022|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security

A special fireside reading of “’Twas the Night Before Final Rule Drop.” Upcoming "As the CMMC Churns" Episodes: 5 Jan, Enterprise or enclave; 12 Jan, OT & IIOT Security for CMMC; 19 Jan, Documenting your Scope; 26 [...]
