2022-11-28: Certified CMMC Assessor: Spinning the Wheels of Trust in Much Bigger Systems Certified CMMC Assessors click into place as just another cog in a much larger system that already …
2022-09-29: Hanging at Converge Security and learning about Conway’s Law at the Keynote addresds
2022-07-19: Developing a Rubric to Assess Policies and Procedures for CMMC Compliance People panic when it comes to policy and procedures and CMMC. Rightfully so. Compliance with …
2022-07-11: Can you Engineer Culture in your Systems? As we try to create online communities focused on open learning we have to recognize the troubled …
2022-05-11: Guide to Microsoft's Security and Compliance Rebranding Many people might stare with wide eye confusion at the naming conventions Microsoft has used in …
2022-05-09: Matt Titcombe on the Compliance Trap from the Department of Defense.
2022-05-09: Amira Armond on how inheritance and CMMC works.
2022-05-09: Excited for Kyle Lai’s talk on ISO 2700. This is why I came.
2022-05-09: Cole French a C3PAO on preparing for CMMC.
2022-05-09: Victoria Pillitteri of NIST on future of 171
2022-05-09: Leopold Wildenauer Datacentric approaches to Protecting CUI: CMMC and Zero Trust
2022-05-09: Karen Evans, Why CMMC matters for SMBs.
2022-05-09: Stacy Bostjanick, CMMC Director, at CMMC Day
2022-04-24: CCMC: Asset Categorization and Systems Security Engineering Systems security engineering, establishing security by considering the problem, solution, and …
2022-04-24: In reply to us06web.zoom.us/meeting/r… I just RSVPd
2022-04-23: CMMC: Systems Security Engineering and the Cloud In systems security engineering requirements and constraints drive the design choices we make. They …
2022-04-22: CMMC Assessment: In Systems Security Engineering the Environment Drives Evidence From A Systems Security Engineering perspective, the environment will drive the evidence collected …
2022-04-20: CMMC, Asset Inventory, and Systems Security Engineering table, th, td { border: 1px solid; } You cannot protect what you do not know you have. Systems …
2022-04-18: System Security Engineering and CMMC Every organization has a philosophy behind their system security plan. These may range from an idea …
2022-04-13: Evaluating Organizations Seeking Certifcation: Document Based Requirements to Start a Conversation You do not jump out of a plane without first making sure a parachute works. Yet many Organization …
2022-04-11: CMMC and Asset Inventory Asset Inventory will drive your compliance. Whether you rely on the shared responsibility of zero …
2022-04-07: Any great conference should close with Amira Armond.
2022-04-07: 5 – A Vision for Software Bill of Materials (SBOM) in the DoD Jason Weiss DoD Chief Software …
2022-04-07: Joy Beland, CISM, CMMC Provisional Assessor / Instructor on insider threat.
2022-04-07: 2:10 – 2:50 – CMMC and Cyber Fraud: Costs of Non-Compliance Nick DeLena - Moderator Partner, DGC …
2022-04-07: Brigadier General (ret.) Blaine Holt Cybersecurity and Cascading Risks: A Dangerous Path to Global …
2022-04-07: Cooey Center of Excellence panel at New England NDIA.
2022-04-07: Stacy Bostjanick at NDIA on CMMC
2022-04-07: Hanging with Ryan Heildorn, Chris Lago, Patrick Perry, and Chris Hughes
2022-04-07: Zero TRUSTS given. Ryan Heidorn, David Lago, Chris Hughes, Patrick Perry
2022-04-07: DoD Thunderdome Program with Dr. Brian Hermann
2022-04-07: DoD Thunder dome Program with Dr. Brian Herman
2022-04-07: Identity is the New Perimeter : An introduction to Modern Security Concepts
2022-03-28: RSVPd Yes to 6th Annual NDIA New England Cyber Event - Zero Trust: Improving the Nation’s …
2022-03-23: Matt Carson on Lesson Learned from a DIBCAC assessment.
2022-03-23: Jacob Horne. Make 171 A framework again
2022-03-22: Ryan Bonner on working with your MSP on CMMC
2022-03-22: Allison Giddens on Signal versus Noise : Understanding Common CMMC Vendor Tactics
2022-03-22: Allison Giddens on Signal versus noise. Understanding Common CMMC Vendor Tactics
2022-03-22: Richard Wakeman on Microsoft’s Acceleration Program
2022-03-22: Richard Wakeman on Microsoft’s Acceleration Program
2022-03-22: Scott Goodwin CMMC is about Cybersecurity, Remember?
2022-03-22: At Summit 7 CS2 CMMC conference
2022-03-06: How to Use the CMMC Level One Assessment Guide Under the Cybersecurity Maturity Model Certification Program a level company who holds federal …
2022-03-04: CMMC Assessment Procedures: When Is Enough Data Enough? What Data Are In Scope? You are assessing against the 171 standard using the CMMC framework. While …
2022-02-26: Quick Reference Guide for CMMC Cyber attacks and the threat of intellectual property threaten our economy and national security. …
2022-02-23: I just RSVPd yes to 3rd Open Security Controls Assessment Language (OSCAL) Workshop
2022-02-21: Categorizing In-Scope FCI Assets using a CMMC Level One Self-Questionnaire CMMC 2.0 did not change much for level one beyond moving to a self-assessment model rather than …
2022-02-18: CyberSecurity Begins By Owning Your Digital Infrastructure “my-url-is from SXSW2003” by tantek is licensed under CC BY-NC If you do not own and …
2022-02-01: Had a wonderful kick off to our CyberDI CMMC classes yesterday. We have certified training classes …
2022-01-20: Announcing our apporved curriculum. Check out the table of contents.
2022-01-11: CMMC Scoping Number 15 in the CMMC infographic series Asset categorization, network diagrams, shared …
2022-01-11: CMMC Infographic CUI Data Transmission Policy Number 14 in the #cmmc infographic series Number …
2022-01-08: CMMC Infographic Number 12: Policies and Procedures What policies and procedures should you hvae as …
2022-01-07: CMMC Number 11: Infographic: CUI Marking Guidance This one more a fail. Too dense with information. …
2022-01-06: Number Nine Dropping Number Ten in the #CMMC 30 Day Infographic Challenge
2022-01-05: Number Eight Number Nine in the Series Talking MFA. Please turn on MFA
2022-01-05: Number Seven Here is number Eight in the series: An intro to FedRAMP
2022-01-03: Number Six Seven in the series: Internal Threats pdf: jgregorymcverry.com/readings/…
2022-01-02: Number Five Number six in the series: Asset Categorization PDF: …
2022-01-01: Number Four Fifth in the series: ABCs of DFARS 7012 pdf: jgregorymcverry.com/readings/…
2021-12-31: Number three Technically I think these last two out of order of publication. I may switch. Prolly …
2021-12-30: Number Two Number three in the series: DFARS Interim Rules
2021-12-29: Number One Number Two in the #cmmc series “Workstations and Controlled Environments pdf: …
2021-12-28: First #cybersecurity infographic about FIPS encryption and #cmmc. Trying to complete a 30 day …
2021-12-20: Asset Categorization and CMMC Many Certified CMMC Professional (CCP)will find the Configuration Management domain one of the …
2021-12-07: Attending the John Ellis Talk on CMMC 2.0 hosted by PrVeil
2021-12-01: Overview of CMMC 2.0 Ben Franklin once quipped, ““When you are finished changing, you are finished.” Nothing could …
2021-11-11: No CMMC Hot Takes. Just Take the Time for Some Slow Reads Inbox overflowing with email invitations to CMMC.20 webinars? Every consultant and software service …
2021-11-11: When Did Small Businesses Become the Enemy of Cybersecurity? When did growth become evil in America? When did we start believing the Government can handle …
2021-10-19: Cybersecurity: Did Bootcamps Break Us or Save Us The cybersecurity awareness and training industry tops a billion dollars in revenue and will only …
2021-10-14: How to Register on the CMMC-AB Class to Sign up for a CCP Class with an LTP Wow that title has a lot of letters. Luckily the registration process on the Cybersecurity Maturity …
2021-10-03: We want to transform CyberSecurity Awareness and Training into an active learning process. For far …
2021-10-01: Writing threat scenarios. www.isaca.org/resources…
2021-09-24: What does the NDAA say About CMMC? The NDAA goes deep into developing the Cyber Director role but for those looking to NDAA for …
2021-09-05: You are Doing Cyberscecurity Awareness and Training Wrong Let me tell you how most of my pitch calls go when someone needs instructional design work for their …
2021-09-03: Maturity models come to event logging for fe agencies www.whitehouse.gov/wp-conten… Per …
2021-09-02: It came out of the kiln. Check it folks. A-10 Warthog. A limited signed and numbered 13 run as part …
2021-08-30: Checked in to SENEDIA Defense Innovation Days
2021-08-27: Checking out lasers and CUI enclave policies
2021-08-23: hello
2021-08-23: The Basics of Controlled Unclassified Information When you cut through the marketing hype—and ignore all of the LinkedIn trolls predicting the doom of …
2021-08-16: Looking for a good Risk Awareness training program? Why not start with NIST-SP-800-30? …
2021-08-11: Another great meeting of the CT CMMC Coalition
2021-08-04: A must read —The Coast Guard 2021 Cybersecurity outlook www.uscg.mil/Portals/0…
2021-08-03: CMMC and Ethics At a recent Town Hall, the Cybersecurity Maturity Model Certification Accreditation Board (CMMC-AB) …
2021-08-03: CyberSecurity Begins with Awareness and Training It always comes down to the humans. Even with the best security, the tiniest friction can cause all …
2021-08-03: Roots of CyberSecurity So many people complain bout the forest and trees in the world of cybersecurity. Some look to the …
2021-08-03: Everyone should read this: FEDERAL CYBERSECURITY: AMERICA’S DATA STILL AT RISK …
2021-07-28: How do you use the Discussion Section of the CMMC Assessment Guides? Great post from Alex Johnson on the difference between the discussion and requirements of CMMC …
2021-07-26: Sample AWS Templates for incident respone. GitHub - aws-samples/aws-incident-response-playbooks …
2021-07-24: CMMC Essesntials Mocktini Recipes Moonlight Maze Martini Ingredients 2 oz cranberry juice 1 oz fresh lime juice 5 oz club soda, …
2021-07-22: Leslie Weinstein Joins Southern's CMMC Team as an Academic Advisor When you need quality you have to seek out talent. Southern Connecituct State University announce …
2021-07-21: Overview of Module Zero Kick Off: Do I need a Gap Analysis? Imagine going to the Grand Canyon and paying a tour guide to point out holes in the ground. It …
2021-07-17: Moving from Microsoft Teams to Google Classroom After two iterations of our CMMC Essentials, class we have decided to move away from Microsoft Teams …
2021-07-14: Inventory Matters Inventory matters. As Sarah Spencer CEO of SolonTek notes, “You cannot protect what you cannot …
2021-07-13: Domains, Practices, and Processes of CMMC When you join the CMMC Essentials class at Southern Connecituct State University, you interact with …
2021-07-10: CMMC Blues I’ve got them serious #CMMC blues Hated by every security recluse CEOs blame me for all their …
2021-07-09: RSVP yes to Pins and Pockets for Compliance Heroes
2021-07-08: I just RSVPd yes to CS2 excited to talk to other Higher Education folks about CMMC
2021-07-08: Creating Scenario Activities for CMMC Domains I have had the pleasure of working with Leighton Johnson, Vincent Scott, and Lauren Tucker on our …
2021-07-07: Prequisites for a DIBCAC CMMC Assessment While we await the release of the CMMC assessment process from the AB, we can look to how the …
2021-07-06: Public Act No. 21-119 AN ACT INCENTIVIZING THE ADOPTION OF CYBERSECURITY STANDARDS FOR BUSINESSES Now Law In Connecticut The market for -171 and CMMC compliance just got much bigger in Connecticut. On 2021-07-06 Governor …
2021-07-06: How Long Does a CMMC Assessment Take? I don’t know. You don’t know. Nobody knows. The scoping and final methodology guides …
2021-06-30: Avoid Shady CMMC Training! Enroll in Southern Connecticut State University's CMMC Classes Today! As a life-long public servant, nothing angers me more than swarmy consultants trying to make a quick …
2021-06-24: Controlled Unclassified Information Glossary Need a Controlled Unclassified Information cheat cheet? Getting an acronym induced migraine? Look no …
2021-06-23: Devoping and Testing CUI Scenario Questions Tomorrow in our CMMC Essentials class we will launch the module on Sensitive Data. This means …
2021-06-19: How would you teach the 17 Domains in the CMMC CCP class? Cybersecurity failed because cybersecurity training failed. Full stop. “Fail” by …
2021-06-18: Where do I Begin My CMMC Journey? Stop looking for the easy button. Hang up on those who say, “Turn Key” Then get started, …
2021-06-17: Who took the Cake Marked CUI from the Fridge? CMMC and Data Ownership We have all seen or felt the rage. You go into fridge to grab the gooey cooey chocolate volcano cake …
2021-06-16: Please support the DIMF Kids As part of our CMMC work we hope to create a Higher Education network to ensure we have the …
2021-06-15: Alex Sharpe Joins Our CMMC Essentials Course as an Instructor The learning team we have built for CMMC Essentials blows me away everyday. Just yesterday I spen …
2021-06-13: Course Descriptions of the Classes we Design for CyberDI The official launch of Certified CMMC classes approaches everyday. I am so proud of our time at …
2021-06-11: Mocktini Recipes for CMMC Essential Happy Hours Blah, blah, travel story. Please enjoy these recipes for the Mocktini Happy Hours scheduled every …
2021-06-08: What Practices and Assessment Objectives from CMMC apply to CUI? Sometimes to get a job done you just need Data. In the Cybersecurity Maturity Model Certification …
2021-06-04: An important read from the GAO. A report mandated by the 2020 NDAA on cybersecurity insurance …
2021-05-31: Memorial Day Poem
2021-05-31: We will establish the commercial viability of Wire Additive Manufacturing while collecting baseline …
2021-05-31: The Team: Grisha: FTE Principal Investigator and Project Manager Connecticut Center for Advanced …
2021-05-31: As an SBIR Team we will focus on the following goals: Duplicable Process and Procedures Integrator …
2021-05-31: callback to Note 5 Wire Additive Manufacturing leads to savings. You know what breaks a bunch? Stuff …
2021-05-31: Rewind to Note 4 Instead of subtracting, additive manufacturing works like a 3D printer. Hybrid …
2021-05-31: Back to Note 3 C&C Metals Inc. makes big parts for submarines. Imagine hot metal poruing into a …
2021-05-31: In reply to Note 2 The Team will focus on the immediate commercial applicability of Wire Additive …
2021-05-31: Note 1 Jeff will join the SBIR bid team I have built for C&C Metals inc. The core values of CCAT …
2021-05-31: Spent Friday at Connectict Center for Advanced Technology meeting with Jeff Crandall and Rick and …
2021-05-30: CMMC Process Assessments: Get better at Doing Business Getting lost in the different requirements of the Cybersecurity Maturity Model Certification? Pull …
2021-05-29: Is My Outsourced IT Provider in CMMC Scope? Let’s ask the Department of Defense "Q7: Our Company has outsourced its IT support and systems …
2021-05-24: www.itpromentor.com/best-prac… Good O365 compliance best practices.
2021-05-24: www.itpromentor.com/best-prac… Good O365 compliance best practices.
2021-05-24: I just RSVPd yes to NIST’s Cybersecurity Risk Management Virtual Event Series
2021-05-24: I just RSVPd yes to Microsoft Security and Compliance Ask Me Anything (AMA)
2021-05-24: What is Scope? A Jargon Free Explanation Our current definition of Scope comes from 16th century mid Europe when the firearm spread across …
2021-05-21: What are the different CMMC deadlines? The DFARS Interim Rules set the only known deadline for the Cybersecurity Maturity Model …
2021-05-21: Does CMMC apply to my company? In the Defense contracting world we speak of primes, those who sign the contracts, and subs, …
2021-05-20: Universities Starting Their CMMC Journey Yesterday during our weekly Coffee, Me, and CMMC SME breakfast meeting we discussed how University …
2021-05-19: Three Goals of the Cybersecurity Maturity Model Certification Program Yesterday the Office of the Under Secretary of Defense for Acquisition & Sustainment helped put …
2021-05-12: Some great @microsoft folks to follow on Twitter if you live in #cmmc or public sector space: …
2021-05-12: CMMC and the Customer Responsbility Matrix Defense Contract Management Agency says all customer responsibility matrices must be complete prior …
2021-05-10: Happy Mother's Day: Dr Tucker Joins the Team Mom’s make us mightier. Mom’s make our military fierce. In uniform and on the homefront …
2021-05-06: Module Five: Shrinking Your Scope Today we launched the next module in out CCP Essentials class. This week we focus on scoping from a …
2021-04-30: I am listening to Wayne Boline and RSVPd yes to CMMC Midwest Conference 2021
2021-04-30: Yes, I will be attending Gentle Introduction to Structural Equation Modeling because I love …
2021-04-30: Leighton Johnson Joins the Curriculum Writing Team I cannot wait to get into a room with people and just hack on curriculum. Learning is such an …
2021-04-29: Launching Module 3 Getting ready to launch our CCP-Essentials Module Three. We have designed our CMMC boot camps so …
2021-04-29: Just RSVPd yes to Cyber Operative Research Scholars Symposium
2021-04-28: “Have the Fire to Carry us deftly to new heights and to the future.” Thank you Micheael …
2021-04-28: What is CMMC? In 2019 the Department of Defense announced the creation of the Cybersecurity Maturity Model …
2021-04-26: My Module One Deliverable In our CCP-Essentials class being offered at Southern Connecticut State University our first module …
2021-04-23: 2021-04-23 My Morning Message to CCP-Essentials Class You always get jitters in our stomach the day of module launch. You worry will everything work? Will …
2021-04-22: 2021-04-22 My Morning Message to CPP-Essentials Gonna re-record yesterday’s movies and remember sound this time. he thing with filming off the …
2021-04-13: Thought of the Day: Maybe I had it wrong. It’s not #Cybersecurity at Scale begins with #UX but …
2021-03-29: Starting my morning off doing some sketch thinking while creating #cmmc courses #instructionaldesign
2021-03-26: I just RSVPd to Summit 7’s yes to Cloud Security and Compliance Series (CS2): Virtual
2021-03-24: OMG OMG look what the #connecticut #CMMC coalition finished: Our #cybersecurity glossary guide: …
2021-03-24: I just RSVPd yes to Connecticut Economic Update 2021 as a proud member of the @cbia
2021-03-21: Why would I even try to search for a better source mateiral on #cui #scope when I can just remix the …
2021-03-21: When you hear the words low, moderate, and high in terms of FedRamp, understand that these …
2021-03-21: Goal of DoDI 8510.01 DoD Risk Management Framework “provides procedural guidance for the …
2021-03-21: DoDI 8510.01 is the implementing policy for the DoD RMF based off of NIST SP-800-37 which …
2021-03-21: FedRamp: Federal Risk and Authorization Management Program was established in 2011 by the Office of …
2021-03-21: Back at the #cmmc #instructionaldesign tasks as I am amazed by the content and knowledge of Rick …
2021-03-20: requirement-security and obligations imposed on an organzation. “This is is what somebody said …
2021-03-20: access federal information system must: 1. defined security & privacy req 2. use state art …
2021-03-20: 800-53 establishes controls for system and orgs 1. Mandatory for federal information systems 2. …
2021-03-20: Spent the last few minutes of sun shine doing a deep dive into security and privacy policy of the …
2021-03-18: I am at #mozfest now. “It’s not just a font, it’s not just a technical solution. …
2021-03-18: Good luck @Sadik Shahadu Your rock as a #mozfest wrangler So proud of the co-founder of the Global …
2021-02-13: Access Control Policy Primary Documents #cmmc #nist Working on the Saturday morning hack for “Access Control Policy in Plain English” …
2020-12-21: Going to the campus in New Haven for first time since March. Kinda want to skip work and spend 1000s …
2020-12-21: Going to the campus in New Haven for first time since March. Kinda want to skip work and spend 1000s …
2020-12-21: Going to the campus in New Haven for first time since March. Kinda want to skip work and spend 1000s …
2020-11-23: Maturation Monday: Why #CyberSecurity Must Begin In School Monday again folks. Time for my weekly call for your organuizations to support the programs we have …
2020-11-20: Our CyberDI team had a wonderful meeting yesterday planning our #CMMC roll out. Yesterday we focused …
2020-11-17: Looking all official we got our partnership badge from the CMMC-AB
2020-11-13: We had a wonderful planning meeting around #cmmc yesterday and how we hope to leverage …
2020-11-06: I just RSVPd yes to Cybersheath’s Cyber Con
2020-11-06: I just RSVPd yes to Practical Advice + CMMC Compliance
2020-11-04: Presenting on #CMMC at Connecticut Commission of Education al Technologies When I say we have to build the culture of #cybersecurity well before the workplace I mean it. I am …
2020-10-31: End of Cybersecurity Month Do I have a System Security Plan? Check! Do I have proof I do the stuff in my plan? Check! Do I have …
2020-10-26: CMMC Maturation Level Begins at One. I think we should start at Grade One. I teach cybersecurity from kindergarten to Sikorsky. By the time we get to protecting the DIB we …
2020-10-26: Did you get your CUI Shot Your #MondayMessage Remember folks we pronounce #CUI as “ C U I” not “cooey” …
2020-10-24: Split Realities of Department of Defense Cost Estimates for DFARS Interim Rules It’s not that the pricing regulations are made up. They are just set in a different reality. …
2020-10-23: What is the impact of #cmmc on Connecticut Small Businesses? As the DFARS Interim rules go into effect this got me thinking about how will small businsses in the …
2020-10-22: Thinking About Flow Down/Up and the CMMC Allison Giddens on LinkedIn: #CMMC #manufacturer #CUI | 12 comments linkedin.comArchiving… …
2020-10-22: Microcredentialing and Cybersecurity I have worked in #OpenBadges and #microcredentialing for years with folks like Doug Belshaw and …
2020-10-22: Black Anvil LLC-NIST800-171-DoD Assessment Methodology.e drive.google.comArchiving… …
2020-10-21: What does the DIB think of CMMC? Let’s discuss with them. - YouTube …
2020-10-21: A Cloud’s Eye View Of Cyber VUCA In Age Of Rapid Change linkedin.comlinkedin.com …
2020-10-21: SPRS - Reference Material sprs.csd.disa.milArchiving… sprs.csd.disa.mil …
2020-10-20: Protecting FCI an CUI (This post is a pre-publication and draft of chapter two of a handbook I and Terry Lehman will …
2020-10-20: Sample Workbook Page from our DFARS Interim This is an example page from the Workbook Terry Lehman and I are working on a handbook for the DFARS …
2020-10-19: Good to see impact CMMC may have in protecting other government and public supply chains: …
2020-10-18: Future of Cyberesecurity: CMMC and the DFARS Interim Rule This post is co-written by Terry Lehman Nation Under Attack As American combat pilots scream across …
2020-10-13: Raw Notes on Katie Arrington on DFARS Interim Rule Katie Arrington on DFARS Interim Rule - YouTube youtube.comArchiving… youtube.com …
2020-10-12: Raw notes on Cybersecurity Maturity Model Certification (CMMC) Part 2: Process Maturity's Role in Cybersecurity Cybersecurity Maturity Model Certification (CMMC) Part 2: Process Maturity’s Role in …
2020-10-12: Raw note on the Capability Maturity Model for Software (Version 1.1, 1993) Capability Maturity Model for Software (Version 1.1) resources.sei.cmu.eduArchiving… …
2020-10-12: Trying to understand capabilities in terms of the CMMC by returning to McKinsey's Global Survey Building organizational capabilities: McKinsey Global Survey results | McKinsey …
2020-10-12: Raw notes An Introduction to the Cybersecurity Maturity Model Certification (CMMC) An Introduction to the Cybersecurity Maturity Model Certification (CMMC) insights.sei.cmu.eduRead: …
2020-10-11: Notes on Bob Metzger comments on DFAR Clause Bob Metzger on the DFARS Interim Rule and Cloud Compliance - YouTube youtube.comRead: …
2020-10-07: Hey folks anyone else getting the bookmark entry field to work. I just get a spin every time I try …
2020-09-27: Enjoy the third episode of Dr Mac’s CyberSecurity Brief. Today we dig deeper into CUI …
2020-09-27: Episode Two of Dr. Mac’s CyberSecurity brief. Join me as I define FCI. This show is licensed …
2020-09-27: Announcing My New Cybersecuirty Microcast Welcome to my new microcast on #cybersecurity where I reflect on my journey as a member of the …
2020-09-27: Hello everyone. This is @jgmac1106 here as well. Going to try microblog as a learning and reflection …