As a security compliance professional, your daily work leads to one goal: passing a C3PAO assessment and maintaining a CMMC-compliant status. This of course is much easier said than done. So, throughout this process, it’s difficult to account for every nuance in publications—especially as they come out.  That’s why we’re here for a little “just so […]

As defense contractors and manufacturers progress toward CMMC Level 2 compliance, a critical area of ambiguity lies in how Operational Technology (OT) is treated within the current Level 2 Scoping Guide. Specifically, the treatment of OT within the category of “specialized assets” leaves significant room for interpretation — and potential misalignment with the practical realities […]

Disclaimer: NIST 800-171 Revision 3 is in DRAFT form, and public comments will be gathered before the publication is made final.    1. Resource Allocation = Time & Money  Even though the total count of security requirements in the recently released draft of NIST 800-171 Rev. 3 remained steady with Rev. 2, the requirements were expanded […]