One of the things that I wanted to see in the CMMC Rule was more clarity on utilizing Plans of Action and Milestones (POA&M) for companies that do not fully meet all 110 requirements during their assessment. I’m continuing to dive into the CMMC rule…it’s freaking long. Here is what it says about POA&Ms, the...
What is FIPS 140-2? Federal Information Processing Standards Publication 140-2 is a standard for the cryptographic modules used in software and hardware to protect sensitive data. The key difference between FIPS-validated modules and others is the rigorous testing and verification process they undergo. This process can take years, ensuring these modules meet strict security protocols....
In part one, we talked about what a Continuous Monitoring and Ongoing Maintenance Program should entail. Another huge part of the plan is to create a schedule to do the manual tasks required and to put human eyeballs on some of the tasks that may be automated. We’ll talk about that here as well as...
The purpose of the CMMC program is to verify that contractors have proper safeguards for Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) by moving from self-assessment to third-party or government assessments. This marks a significant change for DoD contractors, aimed at increasing accountability and ensuring the implementation of cybersecurity controls across the defense...
