Shelby Scott
Sep 28, 2023 · 8 min read
Nittany Lions and Tiger Teams - Possible Lessons from Penn State’s Brush with the False Claims Act
News of the False Claims lawsuit against Pennsylvania State University reached the CMMC landscape in August of 2023, when the 2022 legal...

Shelby Scott
Aug 11, 2023 · 3 min read
2.1
On August 4, the Office of Management and Budget (OMB) released a series of documents detailing updates to the Cybersecurity Maturity Model...

Shelby Scott
Jul 26, 2023 · 3 min read
Alternative Control Guidance
On January 27th, 2017 the DoD published the “Networking and Penetration Reporting and Contracting for Cloud Services (DFARS Case...


Nick Martin
Jul 7, 2023 · 6 min read
TikTok Ban in Effect: FAR 52.204-27 Interim Rule
Last month, the Office of Management and Budget’s (OMB’s) memorandum requiring the removal of TikTok from government devices impacted the...

Shelby Scott
Jul 5, 2023 · 4 min read
Here Comes the Airplane: A Glance at the Near-Future of Cyber Rulemaking
In the wake of NIST 800-171 Revision 3, the near-future of information security has been discussed at length across the Defense...

Shelby Scott
Jun 28, 2023 · 3 min read
The First 72
On January 27th, 2017 the DoD published the “Networking and Penetration Reporting and Contracting for Cloud Services (DFARS Case...

Nick Martin
Jun 21, 2023 · 4 min read
Google Workspace for the DIB?
The manufacturing and critical infrastructure sectors in the United States are under threat. In particular, Defense Industrial Base (DIB)...


Shelby Scott
May 17, 2023 · 4 min read
The Gist of NIST SP800-171r3
Last week, the National Institute of Standards and Technology (NIST) published a draft revision of Special Publication (SP) 800-171. SP...


Vincent Scott
Apr 28, 2023 · 3 min read
DoD Guidance on Control Flexibility
On January 27th, 2017 the DoD published the “Networking and Penetration Reporting and Contracting for Cloud Services (DFARS Case...

Shelby Scott
Apr 19, 2023 · 4 min read
CMMC Tracking: Three Pro Tips
The most current version of Cybersecurity Maturity Model Certification includes 110 practices or security requirements, also called...


Shelby Scott
Apr 5, 2023 · 5 min read
Auntie Em! Auntie Em! It’s an Acronym!
The yellow brick road to Cybersecurity Maturity Model Certification (CMMC) is paved with one thing. Acronyms. In order to take your...


Shelby Scott
Mar 29, 2023 · 3 min read
Are You Late For a Very Important Date?
On January 27th, 2017 the DoD published the “Networking and Penetration Reporting and Contracting for Cloud Services (DFARS Case...


Vincent Scott
Mar 22, 2023 · 2 min read
I FAQ, Therefore I Am
On January 27th, 2017 the DoD published the “Networking and Penetration Reporting and Contracting for Cloud Services (DFARS Case...

Shelby Scott
Mar 8, 2023 · 4 min read
'Love' is a Verb. So is 'Identified.'
If you’ve ever picked up a self-help book, you may have come across the phrase “love is a verb.” This adage is designed to draw attention...

Vincent Scott
Feb 1, 2023 · 2 min read
Micro Blog - 3 Questions about POA&M
What is a POA&M and when do I need one? According to NIST SP 800-37 Rev. 2, a Plan of Actions and Milestones (POAM or POA&M) is, “A...


Vincent Scott
Jan 18, 2023 · 2 min read
Micro Blog - 3 Questions about Potential CMMC Changes
Is the new CMMC rule going to be a draft rule or an interim final rule? While an interim final rule was originally scheduled for release...


Vincent Scott
Nov 26, 2022 · 4 min read
'The Fifth Risk' of Vulnerability Management
As seen on GRC Viewpoint: https://lnkd.in/dHQjaGQz. Maintaining an environment which centralizes not only the protection, but the...


Jack Poltorak
Oct 11, 2022 · 1 min read
Microsoft Exchange Server – Two Zero Day Vulnerabilities Found
On September 29th, Microsoft announced Zero Day vulnerabilities which affect the 2013, 2016 and 2019 versions of Microsoft Exchange. Note...


Vincent Scott
Jul 1, 2022 · 3 min read
Handling CUI
This question of U.S. ONLY and CUI comes up a lot. To be clear, although I have deep experience on the sharing of intelligence...

Vincent Scott
Jun 21, 2022 · 4 min read
DIB Contractors should start considering an Evidence Locker for CMMC
Organizations seeking certification, or OSC, in the Defense Industrial Base (DIB) should start considering the creation and maintenance...