Clearing the Haze Around the History of CMMC

We use history to determine our future, and as President Biden’s Executive Order on supply chain risk management unfolds we wonder how the Cybersecurity Maturity Model Certification program will change to adapt to emerging threats and federal regulations. So before we can determine the influence of CMMC on supply chain risk management we must consider…

When you cut through the marketing hype, when you ignore all the LinkedIn trolls predicting doom of the Cybersecurity Maturity Model Certification program you realize CMMC did not rise out of the blue. When you read the history you will find nothing really new. CMMC simply requires third party attestation of what defense contractors already…

Spreading the Wings of CMMC Ethics

As we create the Cybersecurity Maturity Model Certification (CMMC) program we need to consider the ethics behind our goals. Otherwise the program will wither on a vine rather than break from the chrysalis and spread its wings. History of Ethics in Compliance In 1907 at the 20th Anniversary of the American Association of Public Accountants…

Know Your Role when Swimming in CMMC Alphabet Soup

Humans get drawn to thinking in threes. Holy Trinity, Three Little Pigs, Zelda Triforce, A kid, his Dad, and a Ghost (Star Wars…already mentioned Christianity). Examples exist in our culture, thinking, and governance. In writing we call it the Rule of Three. Think your five paragraph essay with three supporting details. Three baby ducks…

CyberSecurity Begins with Awareness and Training

It always comes down to the humans. The best security but the tiniest friction and all systems fail. That 2% of DNA separating us from chimpanzees really messes with your cyber hygiene. If you want security you need to focus on the biggest attack vector: people. The Cybersecurity Maturity Model Certification program revolves around a…

Roots of CyberSecurity

So many people complain about the forest and trees in the Cybersecurity Maturity Model Certification. Some look to the trees and can write 5,000 word essays pulling about the etymology of a single word. They never see the forest. “Forest Turnover” by Nicholas_T is licensed under CC BY Others claim CMMC will rise only to…

Inventory Matters

Inventory matters. As Sarah Spencer, CEO of SolonTek, notes, “You cannot protect what you cannot see.” “dandoodlescan065-inventory is waste” by Inha Leex Hale is licensed under CC BY Now some people read the CMMC assessment guide for Level One and think, “Huh no inventory needed?” Not true. You may not need to show your inventory…

Minimum Elements For a Software Bill of Materials (SBOM)

On July 12th the NTIA and the Department of Commerce released a document of interest to any software developer: The Executive Order (14028) on Improving the Nation’s Cybersecurity directs the Department of Commerce, in coordination with the National Telecommunications and Information Administration (NTIA), to publish the “minimum elements” for a Software Bill of Materials (SBOM).…