This question of U.S. ONLY and CUI comes up a lot. To be clear, although I have deep experience on the sharing of intelligence...

Organizations seeking certification, or OSC, in the Defense Industrial Base (DIB) should start considering the creation and maintenance...

Several people have asked me about this one. I posted this in the NDIA forum a week or so ago to generate discussion there on the current...

Today, a set of questions came across my desk from a reporter for a high-tech magazine. It piqued my interest, so I provided some input...

Based on the LinkedIn exchanges of views on encrypted CUI and covered systems linked below, I have, as promised crafted an input to the...

The Truth You Don’t Want to Know My new favorite saying, and it seems to be rampant in the halls of success, but perhaps nowhere more so...

Although the new Cybersecurity Maturity Model Certification (CMMC) Scoping Guides bring much needed clarification, specific aspects of...

As we move forward with accountability around cyber for the Defense Industrial Base (DIB), the specific language in the rules, controls,...

Previously I wrote CMMC Trip to Tartarus story under the banner “CMMC is impossible and here is why!” I did not receive many comments...

So I normally don’t go in for the sensationalized headline. I abhor them in fact, but in this case, I think it is needed. Put the breaks...

History A long-time requirement for any auditable process or standard has been documentation. I sometimes think that early cave paintings...

I have put this together as a review of the paper posted by Bob Metzger’s law firm, New DOD Cyber Rules Create Fertile Bid Protest...

In the course of the much appreciated exchange of ideas in a LinkedIn thread, the concept of Cyber Standards like CMMC (the new DoD...

Federal Government: "Put CUI controls in place so we can give you a contract." Federal Contractors: "No. Give us the contract and tell us...

For a commercial enterprise, how much cybersecurity investment needs to be determined from a risk assessment based on a number of...

Some years ago a good friend of mine sarcastically quipped, "Yeah that scorecard is green, Zombie Green!" It became a running joke on our...

The Short Answer For anyone who wants to skip to the end, here it is. In order to be DoD cybersecurity compliant today, you should have...

Passwords are ubiquitous in terms of modern information security. So much so that considering if the current password policy we have is...

Assessing Coronavirus risk is an interesting case study in how humans broadly assess risk and do so very poorly. Everyone on the planet...