As CMMC classes across the country begin many people have taken interest in following the Certified CMMC Professional pathway. The CCP provides a person with the skills to start on their CMMC assessor journey but many consultants, marketing team members, or employees at an Organization Seeking Certification may want to earn a CCP certificate. While…
We use history to determine our future and as President Biden’s Executive Order on supply chain risk management unfolds we wonder how will the Cybersecurity Maturity Model Certification program change to adapt to emerging threats and federal regulations. So before we can determine the influence of CMMC on supply chain risk management we must consider…
When you cut through the marketing hype, when you ignore all the LinkedIn trolls predicting doom of the Cybersecurity Maturity Model Certification program you realize CMMC did not rise out of the blue. When you read the history you will find nothing really new. CMMC simply requires third party attestation of what defense contractors already…
As we create the Cybersecurity Maturity Model Certification (CMMC) program we need to consider the ethics behind our goals. Otherwise the program will wither on a vine rather than break from the Chrysalis and spread its wings. History of Ethics in Compliance In 1907 at the 20th Anniversary of the American Association of Public Accountants…
Humans get drawn to to thinking in threes. Holy Trinity, Three Little Pigs, Zelda Triforce, A kid, his Dad, and a Ghost (Star Wars…already mentioned Christianity). Examples exist in our culture, thinking, and governance. In writing we call it the Rule of Three. Think your five paragraph essay with three supporting details. Three baby ducks…
At a recent Town Hall CEO of the Cybersecurity Maturity Model Certification Accreditation Board (CMMC-AB) CEO Matt Travis noted that the “trust and confidence in the CMMC Ecosystem” requires a shared responsibility between the AB and the members of the community. In fact Travis’s Call to Action harkened back to the the testimony of Jesse…
p>It always comes down to the humans. The best security but the tiniest friction and all systems fail. That 2% of DNA separating us from chimpanzees really messes with your cyber hygiene. If you want security you need to focus on the biggest attack vector: people. The Cybersecurity Maturity Model Certification program revolves around a…
So many people complain bout the forest and trees in the Cybersecurity Maturity Model Certification. Some look to the trees and can write 5,000 word essays pulling about the etymology of a single word. They never see the forest. “Forest Turnover” by Nicholas_T is licensed under CC BY Others claims CMMC will rise only to…
Inventory matters. As Sarah Spencer CEO of SolonTek notes, “You cannot protect what you cannot see.” “dandoodlescan065-inventory is waste” by Inha Leex Hale is licensed under CC BY Now some people read the CMMC assessment guide for Level One and think, “Huh no inventory needed?” Not true. You may not need to show your inventory…
On July 12th the NTIA and the Department of Commerce released a document of interest to any software developer: The Executive Order (14028) on Improving the Nation’s Cybersecurity directs the Department of Commerce, in coordination with the National Telecommunications and Information Administration (NTIA), to publish the “minimum elements” for a Software Bill of Materials (SBOM).…
