During almost every CMMC readiness engagement, there is a moment when the organization realizes something important. They have many of the right security tools in place. The network is segmented. Multifactor authentication is deployed. Logging exists. Endpoint protection is running. But when it comes time to show how all of that supports the CMMC requirements,...
If you handle defense work, you already know that ITAR (International Traffic in Arms Regulations) and CUI (Controlled Unclassified Information) often come up in the same conversation. They overlap, but they are not the same thing. This post explains when ITAR-controlled information must also be handled as CUI and when it stands alone under export control. Oh yeah — I...
What Are Security Protection Assets (SPAs)? SPAs are the tools, systems, and personnel that provide security functions or capabilities within the CMMC assessment scope of an Organization Seeking Certification (OSC). They protect CUI assets and the broader infrastructure that supports them. A Few Examples of SPAs: Firewalls: Devices or software that regulate network traffic, blocking...
