UPDATE 13-October-2025: NIST 800-88 revision 2 has been published. We’ve updated any references to NIST 800-88r1 in this post to the latest revision. Important revisions
US Department of Defense (DoD) contractors that handle Controlled Unclassified Information (CUI) are required to secure that CUI by implementing the National Institutes of Standards
We were delighted to learn recently about a free service offered by the National Security Agency (NSA) to DoD contractors: Protective Domain Name System (PDNS),
Department of Defense Industrial Base (DIB) supply chain members must implement cybersecurity programs to protect the Federal Contract Information (FCI) and Controlled Unclassified Information (CUI)
We’ve made the assertion in our Totem Top 10 that, after you have gathered a complete inventory of all your IT system assets and identified
The DoD Industrial Base (DIB) has long awaited guidance on what IT system components are in scope for cybersecurity protections under the National Institutes of
The Cybersecurity Maturity Model Certification (CMMC) program began with the ambitious goal of introducing compliance and oversight to roughly 300,000 defense contractors. Not surprisingly, this
UPDATE 20 December 2024: This post is about the proposed CMMC rule, which has now been finalized. Therefore, this post has been superseded by our
On 4 November, the DoD announced significant CMMC updates, by publishing a new model — “CMMC 2.0” — on a revamped website, and outlining a
Skip to content