Information Security Resources

As the CMMC Churns | NIST SP 800-171 Rev 3 Draft and Federal Math

Matthew Titcombe2023-05-19T07:45:19-04:00May 19th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, IIoT, Information Security, IOT, maturity, model, NIST SP 800-171, OT, PLC, SCADA, scope of applicability, scoping, SSP, structure, taxonomy|

DO NOT watch this if you are a Defense Industrial Base (DIB) Contractor. You have real work to do by implementing NIST SP 800-171 Revision 2. Here is what you need to do: Ignore all of the [...]

As the CMMC Churns | 4 Ways to Demonstrate NIST SP 800-171 Compliance

Matthew Titcombe2023-05-05T11:54:18-04:00May 5th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, IIoT, Information Security, IOT, maturity, model, OT, PLC, SCADA, scope of applicability, scoping, SSP, structure, taxonomy|

BREAKING NEWS from "As the CMMC Churns".... The Cyber-AB, with DoD's implicit blessing, is now allowing Authorized C3PAOs to conduct formal NIST SP 800-171 Assessments for organizations both inside and outside of the Defense Industrial Base. This [...]

As the CMMC Churns | Overengineering for CMMC

Matthew Titcombe2023-04-27T13:55:23-04:00April 27th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, IIoT, Information Security, IOT, maturity, model, OT, PLC, SCADA, scope of applicability, scoping, SSP, structure, taxonomy|

Has your business made the implementation of NIST SP 800-171 harder than it needs to be? Are your employees using one device for CUI work and another for normal work? If so, there is a good chance [...]

As the CMMC Churns | Vulnerability Management for Remote Workers

Matthew Titcombe2023-04-23T14:16:25-04:00April 23rd, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, IIoT, Information Security, IOT, maturity, model, OT, PLC, SCADA, scope of applicability, scoping, SSP, structure, taxonomy|

COVID-19 was a massive catalyst to change how the United States and the world operate. Businesses and the Federal Government had to shift to work from home on an unprecedented schedule. It forced businesses to transform all [...]

As the CMMC Churns | CMMC FUD

Matthew Titcombe2023-04-05T11:07:33-04:00April 5th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, IIoT, Information Security, IOT, maturity, model, OT, PLC, SCADA, scope of applicability, scoping, SSP, structure, taxonomy|

There is a lot of CMMC-related Fear, Uncertainty, and Doubt (FUD) being used to goad Defense Industrial Base (DIB) companies into implementing NIST SP 800-171 and get ready for CMMC. While we are 1000% for the DIB [...]

As the CMMC Churns | Tips about FIPS Part 2

Matthew Titcombe2023-03-31T11:14:10-04:00March 31st, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, IIoT, Information Security, IOT, maturity, model, OT, PLC, SCADA, scope of applicability, scoping, SSP, structure, taxonomy|

Has 3.13.11, the use of FIPS-validated encryption, sent your organization through the Seven Stages of CMMC Grief? Does the use of FIPS-validated encryption have you befuddled? FIPS is confusing and complicated. In this episode of "As the [...]

As the CMMC Churns | Tips about FIPS Part 1

Matthew Titcombe2023-02-16T18:49:10-05:00February 16th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, IIoT, Information Security, IOT, maturity, model, OT, PLC, SCADA, scope of applicability, scoping, SSP, structure, taxonomy|

Has 3.13.11, the use of FIPS validated encryption, sent your organization through the Seven Stages of CMMC Grief? Does the use of FIPS validated encryption have you befuddled? FIPS is confusion and complicated. In this episode of [...]

DIBCAC Gaps

Matthew Titcombe2023-02-09T09:16:08-05:00February 9th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, IIoT, Information Security, IOT, maturity, model, OT, PLC, SCADA, scope of applicability, scoping, SSP, structure, taxonomy|

Did you know the Defense Industrial Based Cybersecurity Assessment Center (DIBCAC) posted slides about what NIST SP 800-171 requirements were "Other Than Satisfied"? In this episode of As the CMMC Churns we will take a look at [...]

As the CMMC Churns | Apple MacOS and CMMC

Matthew Titcombe2023-02-02T09:16:37-05:00February 2nd, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, IIoT, Information Security, IOT, maturity, model, OT, PLC, SCADA, scope of applicability, scoping, SSP, structure, taxonomy|

Does your business use Apple MacOS devices? Do you also have to implement NIST SP 800-171 and be CMMC accredited? Good news!!! Apple MacOS devices can be setup to fulfill NIST SP 800-171 and pass a CMMC [...]

As the CMMC Churns | Documenting Your Scope

Matthew Titcombe2023-01-26T10:01:48-05:00January 26th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, IIoT, Information Security, IOT, maturity, model, OT, PLC, SCADA, scope of applicability, scoping, SSP, structure, taxonomy|

Are looking to understand how to document your SSP? How does the NIST SP 800-171 Scope of Applicability and CMMC Assessment Scope fit in the SSP? In this "At the CMMC Churns," we take the Scope of [...]

As the CMMC Churns | Security Tactics for NIST SP 800-171 & CMMC “Specialized Assets”

Matthew Titcombe2023-01-16T09:50:42-05:00January 19th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, IIoT, Information Security, IOT, maturity, model, OT, PLC, SCADA, scope of applicability, scoping, structure, taxonomy|

Does your business have CMMC-defined "Specialized Assets"? Are you struggling to determine how to apply NIST SP 800-171 requirements to them? In this "As the CMMC Churns," we take a look at "Specialized Assets," or when broken [...]

As the CMMC Churns | Acquisition 101 and the CMMC Rule…[Update #1]

Matthew Titcombe2023-01-11T12:13:09-05:00January 12th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, Information Security, maturity, model, scope of applicability, scoping, structure, taxonomy|

How will the changes to the CMMC Rule going final affect your business? This special edition of As the CMMC Churns will help to clarify. Matt Titcombe, the CEO of Peak InfoSec will put on his old [...]

As the CMMC Churns | To Enclave or not to Enclave, that is the question

Matthew Titcombe2023-01-02T09:25:31-05:00January 5th, 2023|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, Information Security, maturity, model, scope of applicability, scoping, structure, taxonomy|

"To Enclave or not to Enclave, that is the question…" In this "As the CMMC Churns," we look into "enclaving." We also look into the most common pitfalls businesses do when making an enclaving decision--falling back into [...]

NIST SP 800-171 and CMMC Level 2 Assessment Scoping Process Diagram

Matthew Titcombe2023-01-04T09:14:02-05:00January 4th, 2023|Categories: CMMC, Compliance, DFARS & NIST SP 800-171, Information Security, whItepaper|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, Information Security, maturity, model, scope of applicability, scoping, structure, taxonomy|

The process diagram is used to: Classify components per the NIST SP 800-171 Scope of Applicability Then categorize those components per the CMMC Level 2 Assessment Scoping Guide A separate diagram for classifying and categorizing roles will [...]

As the CMMC Churns | ‘Twas The Night Before the Final Rule Drop

Matthew Titcombe2022-12-22T11:48:04-05:00December 22nd, 2022|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, Information Security, maturity, model, scope of applicability, scoping, structure, taxonomy|

A special fireside reading of “’Twas the Night Before Final Rule Drop.” Upcoming "As the CMMC Churns" Episodes: 5 Jan Enterprise or enclave 12 Jan OT & IIOT Security for CMMC 19 Jan Documenting your Scope 26 [...]

NIST SP 800-171 & CMMC Implementation in Three “Easy” Steps Infographic

Matthew Titcombe2022-12-29T15:29:59-05:00December 15th, 2022|Categories: CMMC, Compliance, DFARS & NIST SP 800-171, Infographic, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, Information Security, maturity, model, scope of applicability, scoping, structure, taxonomy|

Yes, you too can implement NIST SP 800-171 in preparation for CMMC in just three "Easy" Steps. Yeah, there is a LOT of sarcasm in the "Easy." However, many people and organizations are losing sight of [...]

As the CMMC Churns | Implementing CMMC Myth Busted!

Matthew Titcombe2022-12-15T11:33:10-05:00December 15th, 2022|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, Information Security, maturity, model, scope of applicability, scoping, structure, taxonomy|

Time to do some more debunking. There is a belief that Defense Industrial Base contractors need to implement the Cybersecurity Maturity Model Certification (CMMC). Au contraire. Aside from being the name of a wine, it is also [...]

As the CMMC Churns | The Three Descoping Methods

Matthew Titcombe2022-12-11T12:46:40-05:00December 8th, 2022|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, Information Security, maturity, model, scope of applicability, scoping, structure, taxonomy|

Three. Three. Yes, Three Descoping methods to take components out of your NIST SP 800-171 Scope of Applicability. “But Matt, there are only two isolation techniques listed in NIST SP 800-171 para 1.1” Muh-huh. There are three. [...]

As the CMMC Churns | How to apply the NIST SP 800-171 Scope of Applicability

Matthew Titcombe2022-12-22T11:39:06-05:00December 1st, 2022|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc assessment scope, cybersecurity, DoD, Information Security, maturity, model, scope of applicability, scoping, structure, taxonomy|

Struggling to figure out what is in scope for NIST SP 800-171 and CMMC? Building on the Scope Confusion episodes and our “NIST SP 800-171 and CMMC Level 2 Assessment Scoping Infographic Whitepaper,” this As the CMMC [...]

As the CMMC Churns | CMMC Training on the Cheap for SMBs

Matthew Titcombe2022-12-08T15:25:38-05:00November 17th, 2022|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, Information Security, maturity, model, scope of applicability, scoping, structure, taxonomy|

As the CMMC Churns goes live!! This episode is "SMB Ways to meet CMMC Training Requirements" Are you a small business leader who needs to meet CMMC training requirements and your budget is limited? Perfect! In this [...]

NIST SP 800-171 and CMMC Level 2 Assessment Scoping Infographic Whitepaper

Matthew Titcombe2022-11-06T17:38:24-05:00November 6th, 2022|Categories: CMMC, Compliance, DFARS & NIST SP 800-171, Information Security, whItepaper|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, Information Security, maturity, model, scope of applicability, scoping, structure, taxonomy|

Commentary This document was created on 6 November 2022 and has not been revised, yet. This document and the infographic will be revised when the CMMC Interim Rule is published. Foundational Premises of the Infographic The foundational premises [...]

As the CMMC Churns – The CMMC Seven Stages of Grief

Matthew Titcombe2022-12-08T15:26:08-05:00November 3rd, 2022|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, Information Security, maturity, model, scope of applicability, scoping, structure, taxonomy|

Is your organization stuck in the CMMC Seven Stages of Grief? Sadly, the malady is not sarcasm to get you to watch this video. Just as individuals grieve during a personal loss, organizations and their staff [...]

As the CMMC Churns | Managed Service Provider Ghost Stories

Matthew Titcombe2022-10-25T08:03:35-04:00October 25th, 2022|Categories: As the CMMC Churns, Compliance, DFARS & NIST SP 800-171, Information Security|Tags: 3rd Party Risk, cmmc, cmmc assessment scope, CSP, CUI, cybersecurity, DFARS, DoD, MSP, MSSP, NIST SP 800-171|

Welcome to the Halloween edition of As the CMMC Churns. In this edition we will regale the watched with real world ghost stories that drove their client, an Organization Seeking Certification, into non-compliance and scared their compliance [...]

White Paper | Debunking CMMC Assessment Scope Myths

Matthew Titcombe2022-12-29T13:20:48-05:00October 24th, 2022|Categories: CMMC, Compliance, DFARS & NIST SP 800-171, Information Security, VLOG, whItepaper|Tags: certification, cmmc, cmmc assessment scope, cybersecurity, DoD, Information Security, maturity, model, scope of applicability, scoping, structure, taxonomy|

The Problem The Cybersecurity Maturity Model Certification (CMMC) Assessment Scope – Level 2 Guide is misleading cybersecurity professionals into underapplying National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal [...]

How much is a CMMC Conformity Assessment going to cost???

Matthew Titcombe2022-10-12T14:50:56-04:00October 12th, 2022|Categories: As the CMMC Churns, CMMC, Compliance, DFARS & NIST SP 800-171, Information Security, VLOG|Tags: certification, cmmc, cybersecurity, DoD, Information Security, maturity, model, structure, taxonomy|

"How much is a CMMC Conformity Assessment going to cost???" The foremost favorite question every Organization Seeking Compliance (OSC) is asking CMMC 3rd Party Assessor Organizations (C3PAO) right now. While this episode won't answer that question for [...]

Be as Smart as a Fox

We share our knowledge and experiences so everyone can benefit