Control and Manage Physical Access Devices – NIST SP 800-171 & CMMC 2.0
How do you meet the security requirement 3.10.5 “Control and manage physical access devices”?
Is Your Microsoft 365 Tenant Configured for NIST SP 800-171 & CMMC Compliance?
More than likely, you haven’t configured your Microsoft 365 tenant to actually meet your DFARS NIST SP 800-171 & CMMC requirements.
Flying to the Cloud – IT & Security Transformation
Learn how we configured a client's Microsoft 365 environment to meet NIST SP 800-171 requirements and moved their on-premise resources to the Microsoft 365 environment.
Maintaining Systems and Compliance
Learn how our Azure AD services can streamline and secure your IT environment.
Data Mining and Extracting Historical Data
How we helped a regional logistics company access historical data and provide the tools to mine it for information
Email marketing automation platform = six figure increase in sales
How we helped a small business increase their sales by six figures and in salary cost using a custom-built email marketing automation platform.
Certification after Certification
Learn how our policies and procedures service enabled a customer to earn two cybersecurity accreditations.
Small Business, Big Compliance - NIST SP 800-171
Learn how we helped a DoD contractor meet DFARS NIST SP 800-171 compliance requirements.
The Physics Behind Microsoft 365 Security
Learn how we helped a DoD contractor meet compliance requirements by securing their Microsoft 365 tenant.
Security Configuration Settings for NIST SP 800-171 & CMMC Compliance
Learn how to meet your configuration management requirements for NIST SP 800-171 and CMMC.
How to Meet NIST SP 800-171 & CMMC Mobile Code Requirements
Learn how to meet your mobile code protection requirements for NIST SP 800-171.
Looking for an Information Security Framework? Use this.
Using a security framework helps an organization establish and meet its security objectives.
Guide to NIST SP 800-171 & CMMC 2.0 Security Control Domains
Learn the objectives of each security control family.
Using BitLocker Encryption for NIST SP 800-171 & CMMC 2.0 Compliance
Learn how to use BitLocker encryption to meet NIST SP 800-171 & CMMC 2.0 compliance.
Guide to Insider Threat Awareness Training for NIST SP 800-171 & CMMC
Learn how to meet insider threat training requirements for NIST SP 800-171 and CMMC.
Guide to Split Tunneling (3.13.7) for NIST SP 800-171 and CMMC
What is split tunneling and how does it relate to your NIST SP 800-171 and CMMC requirements?
The Ultimate Guide to Privacy and Security Notices for NIST 800-171 and CMMC
What is a privacy and security notice? Where does it need to be displayed to meet your NIST 800-171 compliance requirements?
The Ultimate Guide to Incident Response for NIST 800-171 and CMMC 2.0
How do you meet NIST 800-171 and CMMC 2.0 incident response requirements? We answer that question in our comprehensive guide.
The Ultimate Guide to USB Compliance for CMMC and NIST 800-171
Can I still use USB storage if we implement NIST 800-171 and CMMC? Here’s the answer.
Cyberwarfare vs Cyber Espionage, What is the Difference?
Cyber buzzwords always get thrown around, causing confusion for readers.
Top 5 In Demand Cybersecurity Certifications
Which of these top 5 cybersecurity certifications do you have?
Data Classification Labels for Your Small Business
Having trouble with data classification in your small business? Here are three classification labels you can use.
10 Ways to Improve Your Small Business's Cybersecurity
Perform these tasks to greatly improve cybersecurity at a small business.
NIST SP 800-171 Personnel Security Requirements
Learn everything you need to know about your Personnel Security requirements for NIST SP 800-171 and CMMC 2.0.
What is a System Security Officer, System Owner, and Information Owner?
Learn what these essential roles are for your system security plan.
NIST SP 800-171 Physical Security Requirements Explained
Learn how to meet your NIST SP 800-171 and CMMC 2.0 physical security requirements. In this blog we reference the following NIST SP 800-171 controls 3.10.1, 3.10.2, 3.10.3, 3.10.4, 3.10.5, and 3.10.6.
Vulnerability Scanning Requirements for NIST SP 800-171
Learn how to meet your NIST SP 800-171 and CMMC 2.0 vulnerability scanning requirements.
How I Passed the CISSP Exam on My First Try
Follow my tips on how to pass the CISSP exam.
NIST SP 800-171 Least Privilege Requirements
What does “Least Privilege” mean and what are the associated NIST SP 800-171 requirements?
NIST SP 800-171 Separation of Duties Requirements
What does “Separation of Duties” mean and what are the associated NIST SP 800-171 requirements?
How the Time on your Computer Affects NIST SP 800-171 Compliance
There are many intricate requirements related to NIST SP 800-171 including how time on your computer is calculated.
System Security Plans Explained
To meet NIST SP 800-171 requirements you must create and maintain a system security plan (SSP).
NIST SP 800-171 CUI Sanitization and Destruction Methods
Learn how to meet your NIST SP 800-171 media sanitization and destruction requirements.
What Documentation Should You Have for NIST SP 800-171?
A cybersecurity program isn’t really a formal program until it is documented.
What are the NIST SP 800-171 Password Requirements?
The password requirements for NIST SP 800-171 are not very specific, which allows organizations to establish their own password policy as long as it meets basic NIST SP 800-171 requirements.
What CMMC 2.0 Means for your Business
CMMC 2.0 has streamlined CMMC and brought it in line with existing federal cybersecurity standards. This will result in benefits for many government contractors.
Easy to Use Incident Response Checklist
Organizations should have standardized procedures for responding to incidents. Use this incident response checklist next time you respond to an incident.
How to Protect the Confidentiality of CUI
Learn how to protect the confidentiality of CUI using physical and technical safeguards.
Using DISA STIGs to Meet NIST SP 800-171 and CMMC Requirements
Learn how using DISA STIGs can help you meet your DFARS cybersecurity compliance requirements.
How to Create a Hardware and Software Inventory for your System Security Plan
Every system security plan should include or reference a hardware and software inventory.
How to Meet Requirements 3.6.3 and IR.3.099: Test the organizational incident response capability.
Learn how to “Test the organizational incident response capability” to meet NIST SP 800-171 3.6.3 and CMMC IR.3.099 requirements.
What are NIST SP 800-171 and CMMC Malicious Code Protection Requirements?
In this post, we will discuss how to meet your NIST SP 800-171 and CMMC malicious code protection requirements.
How to Create a Plan of Action & Milestones for NIST SP 800-171
A plan of action and milestones document is critical to meeting your NIST SP 800-171 requirements. Here is how to make one.
What is a Collaborative Computing Device?
Learn what a collaborative computing device is and how to meet your NIST SP 800-171 and CMMC requirements.
What is a Basic (Contractor Self-Assessment) NIST SP 800-171 DoD Assessment?
Learn what a basic NIST SP 800-171 DoD assessment is and how to perform one to meet your DFARS 252.204-7019 and DFARS 252.204-7020 requirements.
How to Meet NIST SP 800-171 & CMMC Personnel Security Requirements
To meet CMMC and NIST SP 800-171 requirements, organizations must implement personnel security controls. What are these requirements and how can they be met?
How to Meet NIST SP 800-171 & CMMC Physical Protection Requirements
To meet CMMC and NIST SP 800-171 requirements, organizations must implement physical security controls. What are these requirements and how can they be met?
Meeting Personnel Training Requirements for NIST SP 800-171 & CMMC Using Free Resources
The NIST 800-171 and CMMC security frameworks both have an entire domain about awareness and training. Here is how you can meet those training requirements using free resources.
Digital Bug Out Bag Essentials
Are you preparing for a natural disaster, civil unrest, nuclear holocaust, or zombie apocalypse? If so, you need a digital bug-out bag.
Cybersecurity Border Crossing and Travel Tips
When traveling or crossing through border controls there are a few cybersecurity tips and best practices you should follow.
Easy to Follow Online Privacy Guide
Learn how to clean up your online presence and stay anonymous.
Data Classification 101 Guide
Classifying and labeling data is a critical part of any mature cybersecurity program.
Is it Cybersecurity or Cyber Security? How do you spell it?
Is cybersecurity spelled as one word or two? The answer is it depends...
The Principle of Least Functionality, Simplicity is the Ultimate Sophistication
Employing the principle of least functionality is critical for organizations seeking to reduce their cyber risk.
Information Security or Cyber Security? Which term should we use?
The term cyber security is often heard in the media, government circles, and the information technology community. Is the term being used incorrectly?
The History of Hacking: 1903 the world's first Hack
In 1903 the world’s first hacking incident occurred, marking the start of an era. At the Royal Academy of Sciences in England, Nevil Maskelyne pulled off an unharmful yet very embarrassing hack.
CMMC: Policies and Procedures Contractors Should Have
Companies with cybersecurity maturity model certification (CMMC) level two or higher requirements should have robust information security policies and procedures.
5 Open-source Cybersecurity Tools Every Company Needs
Using free and open-source software (FOSS) to meet your cybersecurity needs is a great way to improve your organization’s cybersecurity posture without emptying your wallet. Here are 5 open source cybersecurity tools your company can leverage.
6 Cybersecurity Risks Associated with Working From Home
Although an operational necessity, allowing employees to work from home increases cyber risk. We cover six cyber risks and offer mitigations.
CMMC Portable/Removable Storage Security Requirements
What are the cybersecurity maturity model certification (CMMC) requirements for portable storage devices? How should you control USB thumb drives, removable drives, and SD cards to meet your CMMC or NIST SP 800-171 requirements?
Laptops given to British school kids came preloaded with malware
Laptops supplied to British schools by the Department for Education came preloaded with malware. Yes you read that right...
12 Things You Need to Know About the Signal Messenger App
The Signal Messenger App is rising in popularity. Here are some common questions people have about it.
5 Simple Ways to Improve Your Organization’s Cybersecurity
Tackling cybersecurity challenges is no walk in the park. However, you can use these five simple actions to improve cybersecurity at your organization.
Cybersecurity Maturity Model Certification (CMMC) frequently asked questions (FAQ)
Signs an Employee Might Be an Insider Threat
More than 34% of businesses around the globe are affected by insider threats yearly.
Why Ad Blockers Should Be Part of Your Endpoint Security Strategy
Malvertising is a serious threat that can often be overlooked. Ad blockers can help mitigate this threat.
How to Protect Printers From Cyber Threats
We are used to locking down workstations and servers; however, we often overlook printers. Here is how to secure your printers.
How Going Paperless Improves Cybersecurity
Want to help save the environment and improve your information security? Then go paperless.
4 Reasons Small Business Doesn't Invest in Cybersecurity
Small businesses are often the target of cyber attacks. Why don't they take cybersecurity as seriously as they should?
3 Free Ways to Boost Cybersecurity Awareness
Training employees on cybersecurity practices and reminding them of security threats is paramount for any successful program.
Should You Punish Employees for Cybersecurity Violations?
Everyone can agree that breaking the rules should have its consequences, but is punishing users for cybersecurity policy violations and mishaps a good idea?
Physical Security Measures are an Important Part of Cybersecurity
Our data may be stored digitally but fundamentally it is still very much linked to the physical world. Here is how to bolster cybersecurity through physical security.
What is Split Tunneling? Should You Allow It?
What is split tunneling as it relates to virtual private networks? Is using split tunneling secure? How does it impact CMMC compliance requirements?
What is FIPS 140-2?
What is FIPS 140-2? Why was it created? Which encryption algorithms are FIPS 140-2 compliant?
CMMC Privacy & Security Notice Requirements
Learn which companies need to deploy system use notifications, what they should say, and how to deploy them.
What You Need to Know About the Cybersecurity Maturity Model Certification (CMMC)
There are important new updates to the DoD Cybersecurity Maturity Model Certification (CMMC).
What are Your CMMC Antivirus Requirements?
Companies with CMMC requirements will need to deploy antivirus software to their systems. Here is how to configure your antivirus software to meet your cybersecurity maturity model certification (CMMC) requirements.
5 Free Apps & Services To Protect Your Privacy
Tired of Silicon Valley and the Government tracking your every move? Use these free apps and services to help protect your privacy.
Practical Home Cybersecurity Tips
Use these tips to protect your home from cyber threats.
How Often Should Users Be Required to Reset Their Password?
Does requiring users to reset their passwords every few months promote better security or does it reduce security?
What is the difference between "Separation of Duties" and "Least Privilege"
Separating the duties of employees and implementing the principle of least privilege is vital to any cybersecurity program but what is the difference between the two?
What is the Difference Between Data Privacy and Security?
Privacy and security are related but what is the difference?
FALSE: Hiding your WiFi SSID is more secure than not, and here's why:
Does hiding your SSID improve security?
Do You Need Antivirus for Mac?
Does a Mac need antivirus? A lot of people believe that Macs don’t need it. Where did this belief come from? Is it true?
How to Create A Business Impact Analysis (BIA)
We discuss business impact analysis definition, steps, and provide templates from NIST.
How to Choose an Enterprise Grade Multi-factor Authentication (MFA) Solution
Knowing how to choose the right multi-factor authentication (MFA) solution to meet your company's compliance and security needs can save you a lot of time down the road.
Cheat Sheets Every Cybersecurity Pro Needs
Check out these useful cheat sheets for cybersecurity tools like NMAP, Wireshark, and more!
What are keyloggers and what guidance does the CMMC provide
A keylogger is a device or application that is used for keystroke logging. It captures and records a computer user's keystrokes, including sensitive passwords. While keylogging is occurring, the person using the keyboard is unaware that their actions are being monitored.
What is an Incident Response Plan? What Should it Contain?
The occurrence of a cybersecurity incident isn’t a matter of if but when. Organizations need to have incident response plans in place. So what is an incident response plan?
What information should you collect when a cybersecurity incident occurs? What are your CMMC Incident Response Requirements?
It is important for organizations to collect information on cybersecurity incidents. Here is what they should be collecting.
What is the NIST Privacy Framework?
The NIST Privacy Framework provides organizations with a tool to manage privacy risks. How can it benefit your organization?
Use This Simple Trick to Prevent 94% of Windows Vulnerabilities
By revoking administrator rights from a Windows system you can remediate 94% of vulnerabilities affecting the Windows operating system. Here’s how.
How a Gap Analysis Can Help Your Company Prepare for CMMC
By conducting a third-party CMMC gap analysis, your company can identify where it currently stands in relation to its expected cybersecurity maturity model certification requirements.
14 year old boy takes down Amazon, CNN, Yahoo!, and eBay. Also CMMC and DDoS Attacks...
A 14-year-old boy took down Amazon, CNN, Yahoo!, and eBay... well, 20 years ago that is, but still very impressive. Who is he? How did he do it? Why did he do it? Was he caught? What damage did he cause? And where is he now?
What is Dumpster Diving and how does it relate to the cybersecurity maturity model certification (CMMC)?
In the world of cybersecurity, dumpster diving is a technique used to get information that could be used to carry out a cyberattack by searching for useful information in the trash. This can include passwords written on paper, important documentation that can provide information on IT systems, PII, or any other confidential information.
CMMC - What is CUI, CDI, CTI, and FCI
What is CUI, CDI, CTI, and FCI? CMMC (Cybersecurity Maturity Model Certification)
What is Encryption and how is Encryption used in the CMMC (Cybersecurity Maturity Model Certification)?
Encryption is the process of encoding information so that it is only decipherable by select persons, and CMMC practices related to encryption appear in almost all of the CMMC security domains.
What is a Firewall? How do they relate to the Cybersecurity Maturity Model Certification (CMMC)?
A firewall is a network security system that monitors and controls incoming and outgoing network traffic. Firewalls are an important part of any cybersecurity program. They can help organizations meet their cybersecurity objectives and compliance requirements such as the Cybersecurity Maturity Model Certification (CMMC).
What is a Brute force attack?
A brute force attack uses trial and error to guess login information such as passwords with the hope of eventually guessing it correctly.
What's the Difference Between SSL and TLS?
In short, SSL is the now deprecated predecessor of TLS.
What is Malware?
Malware is a broad term for any type of harmful software designed to exploit a device, service or network.
Practicing Good OpSec on Social Media
Social media can help you connect with friends and family, but it can also be a way for bad actors to connect with you.
Building a Patch and Vulnerability Management Program
A patch and vulnerability management program is one of the most important parts of any cybersecurity program. In this post I explain how to build one.
Common CMMC Misconceptions
Many defense contractors are confused about CMMC. Here are two common misconceptions.
Why Your Company Needs to Block Browser Extensions
Browser extensions can increase productivity, however, left unmanaged they can create security risks for your organization.
Top 5 Phishing Statistics
Here are the top 5 most shocking phishing statistics.
How to Provide Free Cybersecurity Training to Your Employees
Your employees can receive some of the same training as Pentagon employees at no cost to you.
How to Protect Your Smartphone from Hackers
Continue reading to find out how to prevent hackers from taking over your phone.
How to Protect Your Twitter Account From Hackers
Learn how to secure your Twitter account to avoid being hacked.
7 Small Business Cybersecurity Statistics You Need to Know
Here are the top small business cybersecurity statistics you need to know.
Successful Cybersecurity Programs Focus on the Basics
Companies often overlook the basic elements of cybersecurity, leaving them vulnerable to attack.
Top 10 Useful Cybersecurity Statistics for 2020
Here are the top 10 recent cybersecurity statistics you need to know for 2020.
How to Control Portable Storage Devices
77 percent of corporate end-users surveyed have used personal flash drives for work-related purposes.
How to Create a System Security Plan (SSP)
In short, a system security plan lists an organization’s cybersecurity requirements and explains how it meets them. We will go into more detail below.
Use DISA STIGs to Secure Your IT Systems
The Defense Information Systems Agency (DISA) has a wide range of security technical implementation guides (STIGs) companies can leverage to secure their IT systems.
New CMMC Timeline - What Your Company Needs to Do Now
The cybersecurity maturity model certification accreditation board (CMMC-AB) released a new CMMC timeline. We discuss how we can help organizations seeking certification.
How to Sanitize or Destroy Digital & Non-Digital Media
Did you know that 42% of used drives sold on eBay hold sensitive data?
Your Company’s Culture Must Adapt to CMMC
A company culture fostering discipline will be a great asset for companies seeking CMMC certification.
How to Create an IT Acceptable Use Policy + Templates
Creating an acceptable use policy for your information system is a good way of informing users of your security policies and limiting legal risks.
Change Control - Important Considerations Before Making Changes to your IT Systems
Change control procedures are the backbone of any mature cybersecurity program. We offer a list of items IT teams should consider before deploying changes to their production environment.
CMMC - What is meant by Mobile Code?
When reading the term “Mobile code” many folks are left scratching their heads. In this blog we explain what mobile code is and provide examples. We also mention the cybersecurity maturity model certification (CMMC) requirements related to mobile code and how you can meet them.
What is an information system?
Understanding what an information system is and its components is critical to effectively implementing your company’s CMMC requirements.
America Needs the Cybersecurity Maturity Model Certification (CMMC) Program
“From U.S. businesses to the federal government, to state and local governments, the United States is threatened by cyberattacks every day.” Former Director of National Intelligence, Daniel Coats.
What are your CMMC password requirements?
We explain your cybersecurity maturity model certification (CMMC) password requirements.
CMMC Audit & Accountability Domain Explained
In this post we explain the CMMC audit & accountability domain and its associated requirements.
CMMC Access Control Domain Explained
In this post we explain the CMMC access control domain and its associated requirements.
How does FAR 52.204-21 relate to CMMC?
In this post we explain the new CMMC model.
Does your company need a CMMC?
Around 300,000 companies will need to earn a cybersecurity maturity model certification (CMMC) to work on U.S. Department of Defense contracts. Is your company one of them?
America's Plan to Protect its Defense Industry from Cyber Threats
America will protect its defense industrial base from cyber attacks with a new cybersecurity framework and an army of assessors.
CMMC Model Explained
In this post we explain the new CMMC model.
CMMC Maturity Explained
In this post we explain what CMMC maturity is and how it relates to the five CMMC levels.
CMMC Level 1 Explained
In this post we explain CMMC Level 1 requirements.
What is the Cybersecurity Maturity Model Certification (CMMC)?
The cybersecurity maturity model certification is a new DoD cybersecurity requirement for contractors.
Has CMMC been affected by the Coronavirus?
Yes, CMMC has been impacted by COVID-19.
Do CMMC requirements apply to non-DoD contracts?
As of June 2020, CMMC requirements will only apply to DoD contracts.
COTS Contracts and CMMC
Do you need to earn a CMMC if you sell commercial off the shelf (COTS) items to the U.S. Department of Defense?
Who Needs a CMMC Certification?
Learn which companies need to earn a CMMC certification to work on DoD contracts.
CMMC - What is Federal Contract Information (FCI)?
Learn what Federal Contract Information (FCI) is and how it relates to CMMC.
CMMC - What is controlled unclassified information (CUI)?
Learn what CUI is and how it relates to CMMC.
How to Prepare for CMMC
Learn how to prepare for CMMC.
10 Things You Need to Know About CMMC
Here are the top 10 things you need to know about the cybersecurity maturity model certification (CMMC).
CMMC - What Companies Struggle with the Most
Here are the top cybersecurity compliance requirements DoD contractors struggle with the most.