Blog

The DoD released an updated Frequently Asked Questions (FAQ) document to address the 32 CFR CMMC Program Rule. This is content that everyone should be familiar with to help avoid assumptions.You can d …

National Institute of Standards and Technology (NIST) publishes NIST 800-171 which is a set of guidelines designed to enhance the cybersecurity posture of organizations handling Controlled Unclassifie …

When it comes to recent CMMC discussions, it feels as though the trees are being missed due to the forest being in the way. Specifically, quite a few discussions on "necessary evidence" needed to sati …

This article covers the concept of building a RACI/RASCI matrix to demystify control ownership concerns, as well as reviewing any Customer Responsibility Matrix (CRM) that vendors may share with you.W …

What is the soft underbelly of your CMMC program?For a lot of companies, it is not what they think it is and the reason is primarily based on misplaced assumptions. Too many people and companies view …