Inventory Matters

Inventory matters. As Sarah Spencer CEO of SolonTek notes, “You cannot protect what you cannot see.” “dandoodlescan065-inventory is waste” by Inha Leex Hale is licensed under CC BY Now some people read the CMMC assessment guide for Level One and think, “Huh no inventory needed?” Not true. You may not need to show your inventory…

Minimum Elements For a Software Bill of Materials (SBOM)

On July 12th the NTIA and the Department of Commerce released a document of interest to any software developer: The Executive Order (14028) on Improving the Nation’s Cybersecurity directs the Department of Commerce, in coordination with the National Telecommunications and Information Administration (NTIA), to publish the “minimum elements” for a Software Bill of Materials (SBOM).…

https://www.youtube.com/watch?v=JjJkyByInQc&t=123s

The People Side Of CMMC | What Can OSCs Due To Maximize The People Element Of CMMC Check the following link to learn more about our content: https://www.identityprotectionplannin… In this video, I am interviewing Carter Schoenberg from SoundWay Consulting. We had a discussion over the following Subjects: -The people side of CMMC -What can OSCs…

Prerequisites for a DIBCAC CMMC Assessment

While we await the release of the CMMC assessment process from the AB we can look to how Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) conducted Level Three assessments of Certified Third Party Assessment Organization (C3PAO) to understand the methodology. As we know Cybersecurity Maturity Model Certification (CMMC) assessments happen four phases. At each step…

Public Act No 21-119 AN ACT INCENTIVIZING THE ADOPTION OF CYBERSECURITY STANDARDS FOR BUSINESSES Now Law In Connecticut

The market for -171 and CMMC compliance just got much bigger in Connecticut. On 2021-07-06 Governor Lamont signed Public Act No. 21-119 into law. To incentivize the adoption of cybersecurity standards for businesses by allowing businesses that adopt certain cybersecurity framework to plead an affirmative defense to any cause of action that alleges that a…

How Long Does a CMMC Assessment Take?

I don’t know. You don’t know. Nobody knows. The scoping and final methodology guides have yet to hit the press as we await Department of Defense Approval. Until then we guess, but with observable evidence. The Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) part of the Defense Contract Management Agency verified the self-assessment of a…

thrreem men on submarine deck

Minutes from 2021-06-30 Coalition Meeting

WELCOME First Time Attendees! Topics Discussed CMMC latest news events Connstep / Fireeye hosted a successful event last week The House Committee on Small Business: CMMC Implementation: What It Means for Small Businesses testimony occurred. People complained about costs and having to read. No real information provided. Managed Service Provider (MSPs) are allowed to be…