Inventory matters. As Sarah Spencer CEO of SolonTek notes, “You cannot protect what you cannot see.” “dandoodlescan065-inventory is waste” by Inha Leex Hale is licensed under CC BY Now some people read the CMMC assessment guide for Level One and think, “Huh no inventory needed?” Not true. You may not need to show your inventory…
On July 12th the NTIA and the Department of Commerce released a document of interest to any software developer: The Executive Order (14028) on Improving the Nation’s Cybersecurity directs the Department of Commerce, in coordination with the National Telecommunications and Information Administration (NTIA), to publish the “minimum elements” for a Software Bill of Materials (SBOM).…
While we await the release of the CMMC assessment process from the AB we can look to how Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) conducted Level Three assessments of Certified Third Party Assessment Organization (C3PAO) to understand the methodology. As we know Cybersecurity Maturity Model Certification (CMMC) assessments happen four phases. At each step…
Most of you do not need a CMMC gap analysis. You might as well put your money, if you got any, in a pile and light a match. Connecticut has thousands of contractors that will EVENTUALLY require a CMMC assessment. Yet 2026 far off, and for those who want to work in the Defense contracting…
The market for -171 and CMMC compliance just got much bigger in Connecticut. On 2021-07-06 Governor Lamont signed Public Act No. 21-119 into law. To incentivize the adoption of cybersecurity standards for businesses by allowing businesses that adopt certain cybersecurity framework to plead an affirmative defense to any cause of action that alleges that a…
I don’t know. You don’t know. Nobody knows. The scoping and final methodology guides have yet to hit the press as we await Department of Defense Approval. Until then we guess, but with observable evidence. The Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) part of the Defense Contract Management Agency verified the self-assessment of a…
WELCOME First Time Attendees! Topics Discussed CMMC latest news events Connstep / Fireeye hosted a successful event last week The House Committee on Small Business: CMMC Implementation: What It Means for Small Businesses testimony occurred. People complained about costs and having to read. No real information provided. Managed Service Provider (MSPs) are allowed to be…
We have all seen or felt the rage. You go into fridge to grab the gooey cooey chocolate volcano cake you labeled in the fridge and the shelf laughs back at you with an eerily empty cackle. Someone did not now who owned the cake. flickr photo by carolinerac shared under a Creative Commons (BY-NC-ND)…
Topics Discussed Whitepaper update – will be sent to designer who will enhance graphics then passed to Anna and Jeff this Friday – Arvin reached out to a couple of CEO to create an executive summary for the whitepaper B. Anna invited the team to attend a seminar with Kate Forster – CUI how…
Getting lost in the different requirements of the Cybersecurity Maturity Model Certification? Pull back the sheets and realize much of what we mean withe practices and processes revolve around doing business better. You do practices in cybersecurity. Verbs. Controls. Compliance. These practices require processes to stick. Your company needs solid policies, documentation, and plans to…
