-
Oh Shit, I Need CMMC – A Subcontractor’s Survival Guide
If you are reading this, you are probably a subcontractor in the Defense Industrial Base (DIB), and there is a good chance your prime contractor has dropped a…
4 min read
-
CMMC IS a Real Boy!
What Contractors Need to Know About the 48 CFR Final Rule On November 10, 2025, the Department of Defense will cross the line from policy to enforcement. The…
4 min read
-
Signal, Not Noise: AU 3.3.3
Let’s talk about practice 3.3.3. – Review and update logged events. [a] Determine if a process for determining when to review logged events is defined. [b] Determine if…
4 min read
-
Automation: Comparing Account Inventory to Active Directory Accounts
This is the first time I have shared something like this. I’ve actually created a ton of python scripts to automate things that need to be done at…
4 min read
-
Microsoft Defender vs. Mobile Code
How Defender blocks mobile code. CMMC Practice SC L2 3.13.13 – Configure attack surface reduction, setup WDAC, setup real-time protection.
4 min read
-
Security Protection Assets and Security Protection Data in CMMC
What Are Security Protection Assets (SPAs)? SPAs are the tools, systems, and personnel that provide security functions or capabilities within the CMMC assessment scope of an Organization Seeking…
4 min read
