Blog

We had a great CyberChat session yesterday with Chris Newborn from the Defense Acquisition University – lots of lively discussion and Q&A. I spoke with Chris last evening and he is taking our concerns to Jesse Salazar, the Deputy Assistant Secretary of Defense for Industrial Policy. Mr. Salazar comes from the private sector, […]


CyberChat #12 included information about the practices in the System & Information Integrity CMMC domain. We also discussed how to prepare for a CMMC assessment. Links to recording and presentation below.

CyberChat #12 Presentation
CyberChat #12 Recording


In today’s CyberChat we discussed the following CMMC Domains: Risk Management, Security Assessment, Situational Awareness, System & Communications Protection. We also talked about how to vet cloud service providers, how to handle teleworking securely and how to secure mobile devices like smartphones. Presentation and recording below. Next week we will discuss the final CMMC […]


Happy St. Patrick’s Day! CyberChat #10 focused on the following CMMC domains: Media Protection, Personnel Security, Physical Security and Recovery. We had a great discussion about how the technical jargon in CMMC makes it difficult for the layperson to understand, and therefore become compliant. We also discussed the responsibility of software/tool providers to use […]


In today’s CyberChat we worked on practices in the following CMMC Domains: Configuration Management, Identification & Authentication, Incident Response and Maintenance. I encourage everyone to thoroughly review the information on the Incident Response Template link – Amira Armond provides a thorough explanation of how to plan and train for potential cybersecurity incidents, as well as […]


We had lots of discussion in today’s CyberChat! DARPA just issued a CUI Guide for one of their programs. It includes lots of great information. We hope the rest of the DoD uses the guide as a model.

DARPA CUI Guide

If you need guidance on developing your System Security Plan, take a look at this […]


We have completed all the compliance prep work and are now diving into the CMMC Level 1 practices. Today we talked about how to use the CMMC Level 1 in a Box tool and discussed the practices in the Access Control Domain.

CyberChat #7 Recording
CyberChat #7 Presentation


Today we discussed how to perform a gap assessment to the 110 controls in NIST SP 800-171 using the DoD Assessment Methodology. Recording and slides below.

CyberChat #6 Workshop Recording
CyberChat #6- presentation- 2.17.21

See you all next Wednesday at 11:00!

Laura


This week we discussed how to narrow audit scope to minimize costs and reduce risk. Links below to the recording, slides and Compliance Forge Scoping Guide.

CyberChat #5- presentation- 2.10.21
Compliance Scoping Guide
CyberChat #5 Workshop Recording

See you all next week!


Today we discussed cybersecurity risks and how to develop a risk analysis. Performing a risk analysis is a critical step in determining the cybersecurity controls on which to focus. Many factors influence an organization’s risk profile, so there is no one-size-fits-all risk mitigation program. Good luck with your risk analysis, and don’t hesitate to contact […]
