Spreading the Wings of CMMC Ethics

As we create the Cybersecurity Maturity Model Certification (CMMC) program, we need to consider the ethics behind our goals. Otherwise, the program will wither on a vine rather than break from the chrysalis and spread its wings. History of Ethics in Compliance: In 1907 at the 20th Anniversary of the American Association of Public Accountants…

https://www.youtube.com/watch?v=SFjGJ4bal9Q&list=PLTwPLYYqvojqbkfYLOOOxboYH4XF_MGJ6&index=6

In this video, Dana interviews Michael Puldy, CEO of Puldy Resiliency Partners. They discuss:
-Crisis Communication
-CMMC
-Why Should DoD Contractors Be Looking To Level 3 of CMMC
-Levels of CMMC
-Which part of the NIST framework relates to crisis and incident management?
-What is the correct amount or level of communication during a crisis?
-A…

Know Your Role when Swimming in CMMC Alphabet Soup

Humans get drawn to thinking in threes. Holy Trinity, Three Little Pigs, Zelda Triforce, A kid, his Dad, and a Ghost (Star Wars…already mentioned Christianity). Examples exist in our culture, thinking, and governance. In writing we call it the Rule of Three. Think your five paragraph essay with three supporting details. Three baby ducks…

CyberSecurity Begins with Awareness and Training

It always comes down to the humans. The best security but the tiniest friction and all systems fail. That 2% of DNA separating us from chimpanzees really messes with your cyber hygiene. If you want security you need to focus on the biggest attack vector: people. The Cybersecurity Maturity Model Certification program revolves around a…

Roots of CyberSecurity

So many people complain about the forest and trees in the Cybersecurity Maturity Model Certification. Some look to the trees and can write 5,000 word essays about the etymology of a single word. They never see the forest. [Image: “Forest Turnover” by Nicholas_T, licensed under CC BY] Others claim CMMC will rise only to…

Inventory Matters

Inventory matters. As Sarah Spencer, CEO of SolonTek, notes, “You cannot protect what you cannot see.” [Image: “dandoodlescan065-inventory is waste” by Inha Leex Hale, licensed under CC BY] Now some people read the CMMC assessment guide for Level One and think, “Huh, no inventory needed?” Not true. You may not need to show your inventory…

Minimum Elements For a Software Bill of Materials (SBOM)

On July 12th the NTIA and the Department of Commerce released a document of interest to any software developer: The Executive Order (14028) on Improving the Nation’s Cybersecurity directs the Department of Commerce, in coordination with the National Telecommunications and Information Administration (NTIA), to publish the “minimum elements” for a Software Bill of Materials (SBOM).…

https://www.youtube.com/watch?v=JjJkyByInQc&t=123s

The People Side Of CMMC | What Can OSCs Do To Maximize The People Element Of CMMC
Check the following link to learn more about our content: https://www.identityprotectionplannin…
In this video, I am interviewing Carter Schoenberg from SoundWay Consulting. We had a discussion over the following subjects:
-The people side of CMMC
-What can OSCs…

Prerequisites for a DIBCAC CMMC Assessment

While we await the release of the CMMC assessment process from the AB, we can look to how the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) conducted Level Three assessments of Certified Third Party Assessment Organization (C3PAO) to understand the methodology. As we know, Cybersecurity Maturity Model Certification (CMMC) assessments happen in four phases. At each step…