If you are reading this, you are probably a subcontractor in the Defense Industrial Base (DIB), and there is a good chance your prime contractor has dropped a bombshell: you need to be compliant with CMMC. Maybe they asked for your System Security Plan (SSP). Maybe they requested your Supplier Performance Risk System (SPRS) score....
What Contractors Need to Know About the 48 CFR Final Rule On November 10, 2025, the Department of Defense will cross the line from policy to enforcement. The 48 CFR Final Rule will go into effect, and the Cybersecurity Maturity Model Certification (CMMC) will be a contractual requirement. If you want to win or extend...
This is the first time I have shared something like this. I’ve actually created a ton of python scripts to automate things that need to be done at a certain frequency. It just speeds up the process. If you like this kind of info, let me know in the comments and I will share more....
How Defender blocks mobile code. CMMC Practice SC L2 3.13.13 - Configure attack surface reduction, setup WDAC, setup real-time protection.
What Are Security Protection Assets (SPAs)? SPAs are the tools, systems, and personnel that provide security functions or capabilities within the CMMC assessment scope of an Organization Seeking Certification (OSC). They protect CUI assets and the broader infrastructure that supports them. A Few Examples of SPAs: Firewalls: Devices or software that regulate network traffic, blocking...
TL;DR: Simplifying Essential Features for Compliance The Goal: Restrict and disable nonessential programs, ports, protocols, functions, and services to reduce your system’s attack surface and improve security. Challenges: Documentation—not implementation—is where most companies fall short. You must define “essential” clearly and apply it consistently. What to Do: • Inventory: Identify everything running on your systems....
One of the things that I wanted to see in the CMMC Rule was more clarity on utilizing Plans of Action and Milestones (POA&M) for companies that do not fully meet all 110 requirements during their assessment. I’m continuing to dive into the CMMC rule…it’s freaking long. Here is what it says about POA&Ms, the...
Woooohoooo, the long awaited CMMC Rule will be published on the Federal Register on October 15, 2024. The Wrightbrained team has spent some time looking at the document. Clarifications are a big theme. Everyone in the CMMC ecosystem had a lot of questions and there were several that stood out as the most common. I...
Disclaimer: This story is entirely fictional. Any resemblance to actual persons, living or dead, or actual events, or actual companies is purely coincidental and unintended. The characters, companies, and events portrayed are purely a work of fiction. Jil Wright, a Certified CMMC Assessor, has provided this narrative to offer organizations seeking certification an example of what...
Disclaimer: This story is entirely fictional. Any resemblance to actual persons, living or dead, or actual events, or actual companies is purely coincidental and unintended. The characters, companies, and events portrayed are purely a work of fiction. Jil Wright, a Certified CMMC Assessor, has provided this narrative to offer organizations seeking certification an example of what...
