Where there is a will, there is a way... Mac computers continue to grow in popularity; they’ve now moved well outside the purview of design firms, and can be found in-use across all industry sectors, including defense contractors. Many Mac users proudly boast about their enhanced security, while PC devotees maintain otherwise. The reality is that ALL compute platforms offer a level of risk, and...
Keep ReadingMicrosoft licensing is about as a clear as mud. There are standalone licenses and bundled licenses, security add-ons and compliance add-ons, Office 365 and Microsoft 365. If that’s not confusing enough, let’s also not forget that some bundles go inside other bundles….and somewhere along the line, G-series licenses got thrown into the mix as well. How do organizations begin to sort the option...
Keep ReadingBy now, we all know the Department of Defense (DoD) and the CMMC Accreditation Body (CMMC AB) have had a course correction…and many consider it a near about-face. In the beginning of November, the DoD announced a 2.0 version of CMMC, which removed levels 2 and 4 from CMMC 1.0/1.2 as well as its maturity requirements. They also noted that not all companies will be required to complete a third-par...
Keep ReadingThese days, everyone is talking about Zero Trust Security. A simple Google search will return pages of ads from vendors pushing their Zero Trust product, with promises of instant and foolproof security. Some vendors even claim to include fairy dust and magic rainbows. While their claims may be somewhat accurate (fairy dust and magic rainbows notwithstanding), one thing that remains unanswered is...
Keep ReadingNIST 800-171 – Access Control In my last blog post about NIST 800-171, I wrote about how meeting the requirements of 800-171 is more attainable than most would assume. Some of the controls required by 800-171 are security measures already in place courtesy of most modern systems or are already considered best practices within the Information Technology community. For example, anti-virus protect...
Keep ReadingWhat Is CMMC? CMMC stands for Cybersecurity Maturity Model Certification. But first, lets back up a little. Nation-states don’t just attack our military to steal information. Significant losses of intel have come from contractors, and much of it was unclassified data. The Department of Defense (DoD) has responded to this problem with cybersecurity requirements such as DFARS 252-204-7012 a...
Keep ReadingNIST 800-171 “It’s not scary, it’s just security,” may seem like the understatement of the year. But really, security doesn’t have to be scary. Yes, there are over 100 controls, and yes, they can appear overwhelming. But compliance with NIST 800-171 is attainable. Over the next several weeks I will be writing a mini-series on NIST 800-171 and will take the tech talk out of the complianc...
Keep Reading
Scott Whitehouse
July 25, 2022