-
When ITAR Data Is CUI and When It Is Not
If you handle defense work, you already know that ITAR (International Traffic in Arms Regulations) and CUI (Controlled Unclassified Information) often come up in the same conversation. They overlap, but they are…
4 min read
-
Oh Shit, I Need CMMC – A Subcontractor’s Survival Guide
If you are reading this, you are probably a subcontractor in the Defense Industrial Base (DIB), and there is a good chance your prime contractor has dropped a…
4 min read
-
CMMC IS a Real Boy!
What Contractors Need to Know About the 48 CFR Final Rule On November 10, 2025, the Department of Defense will cross the line from policy to enforcement. The…
4 min read
-
Signal, Not Noise: AU 3.3.3
Let’s talk about practice 3.3.3. – Review and update logged events. [a] Determine if a process for determining when to review logged events is defined. [b] Determine if…
4 min read
-
Automation: Comparing Account Inventory to Active Directory Accounts
This is the first time I have shared something like this. I’ve actually created a ton of python scripts to automate things that need to be done at…
4 min read
-
Microsoft Defender vs. Mobile Code
How Defender blocks mobile code. CMMC Practice SC L2 3.13.13 – Configure attack surface reduction, setup WDAC, setup real-time protection.
4 min read
