Big Picture

GRC Tools: What to Look For

Governance, Risk, and Compliance (GRC) frameworks are essential for organizations navigating the complex regulatory landscape. Whether you’re working toward immediate certification, like the Cybersecurity Maturity Model Certification (CMMC), or looking to improve long-term strategic decision-making, the right GRC tools can be a game changer. Here’s how a well-chosen GRC system can address both your short-term…

DoD Takes Next Step Toward CMMC

When it introduced CMMC 2.0 in 2021, the United States Department of Defense signaled that it was simultaneously both softening some of the requirements that were in early versions of its Cybersecurity Maturity Model Certification (“CMMC”) program and taking a more structured approach to implementing CMMC. As part of that structured implementation, DoD formalized CMMC by crafting an…

Contractors not as Suppliers – but as Leaders

I have to admit that I don’t always read things like the Executive Orders. As a regular citizen, I have always presumed they are filled with political platitudes rather than actionable direction. However, in discussing the Executive Order on Improving the Nation’s Cybersecurity with Jim Goepel, my colleague and founder of the CMMC Information Institute,…

Let’s Go DoD, There is Still Time to Fix CMMC.

Thank you, DoD, for showing us that you listen. In 2019 you listened and quickly created CMMC from the ether to answer a monumental need to secure our country’s supply chain. You showed you were listening again last week when you changed CMMC to address the concerns from contractors who felt CMMC 1.x was overly…

A Holiday Recipe for a Self-Assessment

Using DoD’s numbers, 180,000 companies or more that were expecting to be required to have a 3rd party CMMC assessment, can now simply self-assess their environments. What does it mean to self-assess, and how to start? A Recipe for a Self-Assessment If you are going to take this on yourself, get organized. For CMMC Level…