NIST recently updated its decades-old password security guidance after years of scrutiny, skepticism, and flat-out ineffectiveness finally forced the agency to address practical security considerations and realistic threats while abandoning what many considered to be ineffective security theater.

The Federal Risk and Authorization Management Program (FedRAMP) has been a cornerstone for ensuring the security of cloud services used by federal agencies. Recently, significant changes to the program - specifically the sunset of the JAB have sparked discussions across the cloud computing landscape.

CMMC has been on the horizon for years, lurking in the distance and often thought of as a “tomorrow” problem. With the publication of the proposed rule to amend DFARS 252.204-7021, let this be a wake up call: CMMC is coming - and it’s coming quickly.

The long-awaited NIST 800-171 Revision 3 has been released. What’s new, and what are the implications for CMMC?

The DoD just released a proposed rule for implementation of all CMMC requirements by October 1, 2026. The plan will be implemented in four phases.

Are you part of the Defense Industrial Base (DIB) or have Department of Defense (DoD) contracts? Then your deadline for implementing the Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements is fast approaching.

The new requirements are meant to keep investors apprised of the cybersecurity risks taken by public companies. That includes both your current state as well as any ongoing or future incidents that will need to be evaluated for materiality and then reported within a 4 day period.