-
Security Protection Assets and Security Protection Data in CMMC
What Are Security Protection Assets (SPAs)? SPAs are the tools, systems, and personnel that provide security functions or capabilities within the CMMC assessment scope of an Organization Seeking…
-
CMMC Practice 3.4.7 – Ports, Protocols, Programs, Functions, and Services
TL;DR: Simplifying Essential Features for Compliance The Goal: Restrict and disable nonessential programs, ports, protocols, functions, and services to reduce your system’s attack surface and improve security. Challenges:…
-
CMMC Level 2 Self-Assessment or Assessment by a CMMC Third Party Assessment Organization?
Given the choice, most companies would choose a self-assessment over a third party assessment. Isn’t that what CMMC was trying to get away from? The decision of whether…
-
The CMMC Rule and Plans of Action & Milestones (POA&M)
One of the things that I wanted to see in the CMMC Rule was more clarity on utilizing Plans of Action and Milestones (POA&M) for companies that do…
-
The CMMC Rule is FINAL!
Woooohoooo, the long-awaited CMMC Rule will be published in the Federal Register on October 15, 2024. The Wrightbrained team has spent some time looking at the document.…
-
FIPS 140-2 and CMMC Compliance
What is FIPS 140-2? Federal Information Processing Standards Publication 140-2 is a standard for the cryptographic modules used in software and hardware to protect sensitive data. The key…



