Cybersecurity Maturity Model Certification for the Defense Industrial Base. NIST SP 800-171, CUI protection, and SPRS scoring.
Most Controlled Unclassified Information marking guidance tells you to add the banner and portion marks. The marking that fails contractors is the over-marking, specifically a portion mark on the Designation Indicator block, which DoD Instruction...
Read the Guide
Cybersecurity Maturity Model Certification (CMMC) Phase 2 begins November 10, 2026, per 32 CFR ยง170.3(e). On that date, mandatory third-party assessment by a Certified Third-Party Assessor Organization (C3PAO) becomes the default for Level 2 contracts,...
Read the Guide
The defense contractor's general counsel forwards two documents on a Tuesday morning. The first is the new DoD contract referencing Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7021, the Cybersecurity Maturity Model Certification (CMMC) clause. The...
Read the Guide
The email arrives on a Tuesday. Your contracting officer has forwarded a notice: the new contract includes Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7021, and the performance period begins in four months. You need Cybersecurity...
Read the Guide
What is your Supplier Performance Risk System (SPRS) score right now? Not the score you submitted. The score that reflects your actual implementation status today, measured against the 110 controls in NIST SP 800-171 Rev...
Read the Guide
The following is an illustrative composite drawn from current CMMC assessment market conditions. Contractor A had 340 workstations, four office locations, a shared IT environment spanning HR, finance, and engineering, and a standard enterprise network...
Read the GuideOne compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.