NIST SP 800-171 & CMMC 2.0 - Blog


Cyberwarfare vs Cyber Espionage, What is the Difference?

Cyber buzzwords always get thrown around causing confusion for readers.

Top Cybersecurity Certifications

Top 5 In Demand Cybersecurity Certifications

Which of these top 5 cybersecurity certifications do you have?

Small business data classification labels

Data Classification Labels for Your Small Business

Having trouble with data classification in your small business? Here are three classification labels you can use.

Small business cybersecurity

10 Ways to Improve Your Small Business's Cybersecurity

Perform these tasks to greatly improve cybersecurity at a small business.

personnel security requirements

NIST SP 800-171 Personnel Security Requirements

Learn everything you need to know about your Personnel Security requirements for NIST SP 800-171 and CMMC 2.0.

system security plan

What is a System Security Officer, System Owner, and Information Owner?

Learn what these essential roles are for your system security plan.

NIST SP 800-171 Physical Security Requirements

NIST SP 800-171 Physical Security Requirements Explained

Learn how to meet your NIST SP 800-171 and CMMC 2.0 physical security requirements. In this blog we reference the following NIST SP 800-171 controls 3.10.1, 3.10.2, 3.10.3, 3.10.4, 3.10.5, and 3.10.6.

NIST SP 800-171 Vulnerability Scanning

Vulnerability Scanning Requirements for NIST SP 800-171

Learn how to meet your NIST SP 800-171 and CMMC 2.0 vulnerability scanning requirements.


How I Passed the CISSP Exam on My First Try

Follow my tips on how to pass the CISSP exam.

Least Privilege

NIST SP 800-171 Least Privilege Requirements

What does “Least Privilege” mean and what are the associated NIST SP 800-171 requirements?

NIST SP 800-171 Separation of Duties Requirements

What does “Separation of Duties” mean and what are the associated NIST SP 800-171 requirements?

time server

How the Time on your Computer Affects NIST SP 800-171 Compliance

There are many intricate requirements related to NIST SP 800-171 including how time on your computer is calculated.

System Security Plans Explained

To meet NIST SP 800-171 requirements you must create and maintain a system security plan (SSP).

NIST SP 800-171 CUI Sanitization and Destruction Methods

Learn how to meet your NIST SP 800-171 media sanitization and destruction requirements.

What Documentation Should You Have for NIST SP 800-171?

A cybersecurity program isn’t really a formal program until it is documented.

What are the NIST SP 800-171 Password Requirements?

The password requirements for NIST SP 800-171 are not very specific; this allows organizations to establish their own password policy as long as it meets basic NIST SP 800-171 requirements.

What CMMC 2.0 Means for your Business

CMMC 2.0 has streamlined CMMC and brought it in line with existing federal cybersecurity standards. This will result in benefits for many government contractors.

Easy to Use Incident Response Checklist

Organizations should have standardized procedures for responding to incidents. Use this incident response checklist the next time you respond to an incident.

CUI protection

How to Protect the Confidentiality of CUI

Learn how to protect the confidentiality of CUI using physical and technical safeguards.


Using DISA STIGs to Meet NIST SP 800-171 and CMMC Requirements

Learn how using DISA STIGs can help you meet your DFARS cybersecurity compliance requirements.

Hardware and Software Inventory

How to Create a Hardware and Software Inventory for your System Security Plan

Every system security plan should include or reference a hardware and software inventory.

How to Meet Requirements 3.6.3 and IR.3.099: Test the organizational incident response capability.

Learn how to “Test the organizational incident response capability” to meet NIST SP 800-171 3.6.3 and CMMC IR.3.099 requirements.

What are NIST SP 800-171 and CMMC Malicious Code Protection Requirements?

In this post, we will discuss how to meet your NIST SP 800-171 and CMMC malicious code protection requirements.

How to create a POA&M

How to Create a Plan of Action & Milestones for NIST SP 800-171

A plan of action and milestones document is critical to meeting your NIST SP 800-171 requirements. Here is how to make one.

Collaborative Computing Device

What is a Collaborative Computing Device?

Learn what a collaborative computing device is and how to meet your NIST SP 800-171 and CMMC requirements.

NIST SP 800-171 Basic Contractor Self-Assessment

What is a Basic (Contractor Self-Assessment) NIST SP 800-171 DoD Assessment?

Learn what a basic NIST SP 800-171 DoD assessment is and how to perform one to meet your DFARS 252.204-7019 and DFARS 252.204-7020 requirements.

How to Meet NIST SP 800-171 & CMMC Personnel Security Requirements

To meet CMMC and NIST SP 800-171 requirements, organizations must implement personnel security controls. What are these requirements and how can they be met?

CMMC and NIST SP 800-171 Physical Protection

How to Meet NIST SP 800-171 & CMMC Physical Protection Requirements

To meet CMMC and NIST SP 800-171 requirements, organizations must implement physical security controls. What are these requirements and how can they be met?

CMMC and NIST SP 800-171 training

Meeting Personnel Training Requirements for NIST SP 800-171 & CMMC Using Free Resources

The NIST 800-171 and CMMC security frameworks both have an entire domain about awareness and training. Here is how you can meet those training requirements using free resources.

Digital Bug Out Bag Tips

Digital Bug Out Bag Essentials

Are you preparing for a natural disaster, civil unrest, nuclear holocaust, or zombie apocalypse? If so, you need a digital bug-out bag.

Cybersecurity Travel Tips

Cybersecurity Border Crossing and Travel Tips

When traveling or crossing through border controls there are a few cybersecurity tips and best practices you should follow.

Privacy Guide

Easy to Follow Online Privacy Guide

Learn how to clean up your online presence and stay anonymous.

Data Classification Guide

Data Classification 101 Guide

Classifying and labeling data is a critical part of any mature cybersecurity program.

Is cybersecurity one word or two?

Is it Cybersecurity or Cyber Security? How do you spell it?

Is cybersecurity spelled as one word or two? The answer is it depends...

Least functionality

The Principle of Least Functionality, Simplicity is the Ultimate Sophistication

Employing the principle of least functionality is critical for organizations seeking to reduce their cyber risk.

Which is correct: information security or cybersecurity

Information Security or Cyber Security? Which term should we use?

The term cyber security is often heard in the media, government circles, and the information technology community. Is the term being used incorrectly?

World's first hacker Nevil Maskelyne

The History of Hacking: 1903 the world's first Hack

In 1903 the world’s first hacking incident occurred, marking the start of an era. At the Royal Academy of Sciences in England, Nevil Maskelyne pulled off an unharmful yet very embarrassing hack.

CMMC Policy and Procedure Templates

CMMC: Policies and Procedures Contractors Should Have

Companies with cybersecurity maturity model certification (CMMC) level two or higher requirements should have robust information security policies and procedures.

Free and open source cybersecurity tools

5 Open-source Cybersecurity Tools Every Company Needs

Using free and open-source software (FOSS) to meet your cybersecurity needs is a great way to improve your organization’s cybersecurity posture without emptying your wallet. Here are 5 open source cybersecurity tools your company can leverage.

Remote Work Cybersecurity Risk

6 Cybersecurity Risks Associated with Working From Home

Although an operational necessity, allowing employees to work from home increases cyber risk. We cover six cyber risks and offer mitigations.

CMMC Portable/Removable Storage Security Requirements

What are the cybersecurity maturity model certification (CMMC) requirements for portable storage devices? How should you control USB thumb drives, removable drives, and SD cards to meet your CMMC or NIST SP 800-171 requirements?

Kids Malware Viruses

Laptops given to British school kids came preloaded with malware

Laptops supplied to British schools by the Department for Education came preloaded with malware. Yes, you read that right...

Cybersecurity Tips

12 Things You Need to Know About the Signal Messenger App

The Signal Messenger App is rising in popularity. Here are some common questions people have about it.

Cybersecurity Tips

5 Simple Ways to Improve Your Organization’s Cybersecurity

Tackling cybersecurity challenges is no walk in the park. However, you can use these five simple actions to improve cybersecurity at your organization.

cmmc FAQ


Cybersecurity Maturity Model Certification (CMMC) frequently asked questions (FAQ)


Signs an Employee Might Be an Insider Threat

More than 34% of businesses around the globe are affected by insider threats yearly.[1]


Why Ad Blockers Should Be Part of Your Endpoint Security Strategy

Malvertising is a serious threat that can often be overlooked. Ad blockers can help mitigate this threat.

Small Business Cybersecurity

How to Protect Printers From Cyber Threats

We are used to locking down workstations and servers; however, we often overlook printers. Here is how to secure your printers.

Small Business Cybersecurity

How Going Paperless Improves Cybersecurity

Want to help save the environment and improve your information security? Then go paperless.

Small Business Cybersecurity

4 Reasons Small Business Doesn't Invest in Cybersecurity

Small businesses are often the target of cyber attacks. Why don't they take cybersecurity as seriously as they should?

Cybersecurity Awareness

3 Free Ways to Boost Cybersecurity Awareness

Training employees on cybersecurity practices and reminding them of security threats is paramount for any successful program.

Cybersecurity Violation Punishment

Should You Punish Employees for Cybersecurity Violations?

Everyone can agree that breaking the rules should have its consequences but is punishing users for cybersecurity policy violations and mishaps a good idea?

Physical Security CMMC

Physical Security Measures are an Important Part of Cybersecurity

Our data may be stored digitally but fundamentally it is still very much linked to the physical world. Here is how to bolster cybersecurity through physical security.

Split Tunneling Cybersecurity Maturity Model Certification (CMMC)

What is Split Tunneling? Should You Allow It?

What is split tunneling as it relates to virtual private networks? Is using split tunneling secure? How does it impact CMMC compliance requirements?

FIPS 140-2 Validated Encryption CMMC

What is FIPS 140-2?

What is FIPS 140-2? Why was it created? Which encryption algorithms are FIPS 140-2 compliant?

Privacy & Security Notice CMMC

CMMC Privacy & Security Notice Requirements

Learn which companies need to deploy system use notifications, what they should say, and how to deploy them.

Cybersecurity Maturity Model Certification (CMMC) Frequently Asked Questions (FAQ)

What You Need to Know About the Cybersecurity Maturity Model Certification (CMMC)

There are important new updates to the DoD Cybersecurity Maturity Model Certification (CMMC).

CMMC protection from malicious code

What are Your CMMC Antivirus Requirements?

Companies with CMMC requirements will need to deploy antivirus software to their systems. Here is how to configure your antivirus software to meet your cybersecurity maturity model certification (CMMC) requirements.

Privacy Tools

5 Free Apps & Services To Protect Your Privacy

Tired of Silicon Valley and the Government tracking your every move? Use these free apps and services to help protect your privacy.

Home Cybersecurity Tips

Practical Home Cybersecurity Tips

Use these tips to protect your home from cyber threats.

password reset

How Often Should Users Be Required to Reset Their Password?

Does requiring users to reset their passwords every few months promote better security or does it reduce security?


What is the difference between "Separation of Duties" and "Least Privilege"

Separating the duties of employees and implementing the principle of least privilege is vital to any cybersecurity program but what is the difference between the two?


What is the Difference Between Data Privacy and Security?

Privacy and security are related but what is the difference?

Mac Anti-virus

Do You Need Antivirus for Mac?

Does a Mac need antivirus? A lot of people believe that Macs don’t need it. Where did this belief come from? Is it true?

NIST Business Impact Analysis

How to Create A Business Impact Analysis (BIA)

We discuss business impact analysis definition, steps, and provide templates from NIST.

Multi-factor authentication CMMC

How to Choose an Enterprise Grade Multi-factor Authentication (MFA) Solution

Knowing how to choose the right multi-factor authentication (MFA) solution to meet your company's compliance and security needs can save you a lot of time down the road.

Cheat Sheets Every Cybersecurity Pro Needs

Check out these useful cheat sheets for cybersecurity tools like NMAP, Wireshark, and more!

CMMC Keylogger

What are keyloggers and what guidance does the CMMC provide?

A keylogger is a device or application used for keystroke logging: it captures and records a computer user's keystrokes, including sensitive passwords. While keylogging is occurring, the person using the keyboard is unaware that their actions are being monitored.

Incident Response Plan

What is an Incident Response Plan? What Should it Contain?

The occurrence of a cybersecurity incident isn’t a matter of if but when. Organizations need to have incident response plans in place. So what is an incident response plan?

Incident Response Information Collection CMMC

What information should you collect when a cybersecurity incident occurs? What are your CMMC Incident Response Requirements?

It is important for organizations to collect information on cybersecurity incidents. Here is what they should be collecting.


What is the NIST Privacy Framework?

The NIST Privacy Framework provides organizations with a tool to manage privacy risks. How can it benefit your organization?


Use This Simple Trick to Prevent 94% of Windows Vulnerabilities

By revoking administrator rights from a Windows system you can remediate 94% of vulnerabilities affecting the Windows operating system. Here’s how.

CMMC Gap Analysis

How a Gap Analysis Can Help Your Company Prepare for CMMC

By conducting a third-party CMMC gap analysis, your company can identify where it currently stands in relation to its expected cybersecurity maturity model certification requirements.

Bill Clinton DDoS CMMC

14-year-old boy takes down Amazon, CNN, Yahoo!, and eBay. Also CMMC and DDoS Attacks...

A 14-year-old boy took down Amazon, CNN, Yahoo!, and eBay... well, 20 years ago that is, but still very impressive. Who is he? How did he do it? Why did he do it? Was he caught? What damage did he cause? And where is he now?

CMMC Dumpster Diving

What is Dumpster Diving and how does it relate to the cybersecurity maturity model certification (CMMC)?

In the world of cybersecurity, dumpster diving is a technique used to get information that could be used to carry out a cyberattack by searching for useful information in the trash. This can include passwords written on paper, important documentation that can provide information on IT systems, PII, or any other confidential information.

CMMC Information

CMMC - What is CUI, CDI, CTI, and FCI

What is CUI, CDI, CTI, and FCI? CMMC (Cybersecurity Maturity Model Certification)

CMMC Encryption

What is Encryption and how is Encryption used in the CMMC (Cybersecurity Maturity Model Certification)?

Encryption is the process of encoding information so that it is only decipherable by select persons, and CMMC practices related to encryption appear in almost all of the CMMC security domains.

CMMC Firewall

What is a Firewall? How do they relate to the Cybersecurity Maturity Model Certification (CMMC)?

A firewall is a network security system that monitors and controls incoming and outgoing network traffic. Firewalls are an important part of any cybersecurity program. They can help organizations meet their cybersecurity objectives and compliance requirements such as the Cybersecurity Maturity Model Certification (CMMC).

Brute force attack

What is a Brute force attack?

A brute force attack uses trial and error to guess login information such as passwords with the hope of eventually guessing it correctly.


What's the Difference Between SSL and TLS?

In short, SSL is the now deprecated predecessor of TLS.


What is Malware?

Malware is a broad term for any type of harmful software designed to exploit a device, service or network.

Practicing Good OpSec on Social Media

Social media can help you connect with friends and family; it can also be a way for bad actors to connect with you.

Building a Patch and Vulnerability Management Program

A patch and vulnerability management program is one of the most important parts of any cybersecurity program. In this post I explain how to build one.

Common CMMC Misconceptions

Many defense contractors are confused about CMMC. Here are two common misconceptions.

Browser Extensions

Why Your Company Needs to Block Browser Extensions

Browser extensions can increase productivity, however, left unmanaged they can create security risks for your organization.

Cybersecurity Phishing Attacks

Top 5 Phishing Statistics

Here are the top 5 most shocking phishing statistics.

Cyber Training

How to Provide Free Cybersecurity Training to Your Employees

Your employees can receive some of the same training as Pentagon employees at no cost to you.

Phone Hack

How to Protect Your Smartphone from Hackers

Continue reading to find out how to prevent hackers from taking over your phone.

Twitter Account

How to Protect Your Twitter Account From Hackers

Learn how to secure your Twitter account to avoid being hacked.

Small Business Cybersecurity Statistics

7 Small Business Cybersecurity Statistics You Need to Know

Here are the top small business cybersecurity statistics you need to know.

Cybersecurity Basics

Successful Cybersecurity Programs Focus on the Basics

Companies often overlook the basic elements of cybersecurity, leaving them vulnerable to attack.

Cybersecurity statistics

Top 10 Useful Cybersecurity Statistics for 2020

Here are the top 10 recent cybersecurity statistics you need to know for 2020.

Controlling Portable Storage Devices

How to Control Portable Storage Devices

77 percent of corporate end-users surveyed have used personal flash drives for work-related purposes.

How to Create a System Security Plan (SSP)

In short, a system security plan lists an organization’s cybersecurity requirements and explains how it meets them. We will go into more detail below.

system hardening using DISA STIGS

Use DISA STIGs to Secure Your IT Systems

The Defense Information Systems Agency (DISA) has a wide range of security technical implementation guides (STIGs) companies can leverage to secure their IT systems.

CMMC Timeline

New CMMC Timeline - What Your Company Needs to Do Now

The cybersecurity maturity model certification accreditation board (CMMC-AB) released a new CMMC timeline. We discuss how we can help organizations seeking certification.

Data sanitation and destruction

How to Sanitize or Destroy Digital & Non-Digital Media

Did you know that 42% of used drives sold on eBay hold sensitive data?

Company Culture CMMC

Your Company’s Culture Must Adapt to CMMC

A company culture fostering discipline will be a great asset for companies seeking CMMC certification.

Acceptable Use Policy

How to Create an IT Acceptable Use Policy + Templates

Creating an acceptable use policy for your information system is a good way of informing users of your security policies and limiting legal risks.

Change Control

Change Control - Important Considerations Before Making Changes to your IT Systems

Change control procedures are the backbone of any mature cybersecurity program. We offer a list of items IT teams should consider before deploying changes to their production environment.

Mobile Code

CMMC - What is meant by Mobile Code?

When reading the term “Mobile code” many folks are left scratching their heads. In this blog we explain what mobile code is and provide examples. We also mention the cybersecurity maturity model certification (CMMC) requirements related to mobile code and how you can meet them.

Information System CMMC

What is an information system?

Understanding what an information system is and its components is critical to effectively implementing your company’s CMMC requirements.

Cybersecurity Maturity Model Certification

America Needs the Cybersecurity Maturity Model Certification (CMMC) Program

“From U.S. businesses to the federal government, to state and local governments, the United States is threatened by cyberattacks every day.” Former Director of National Intelligence, Daniel Coats.

Access Control

What are your CMMC password requirements?

We explain your cybersecurity maturity model certification (CMMC) password requirements.

CMMC Audit & Accountability Domain Explained

In this post we explain the CMMC audit & accountability domain and its associated requirements.

Access Control

CMMC Access Control Domain Explained

In this post we explain the CMMC access control domain and its associated requirements.

CMMC Model

How does FAR 52.204-21 relate to CMMC?

In this post we explain the new CMMC model.

Do I need CMMC?

Does your company need a CMMC?

Around 300,000 companies will need to earn a cybersecurity maturity model certification (CMMC) to work on U.S. Department of Defense contracts. Is your company one of them?

CMMC Model

America's Plan to Protect its Defense Industry from Cyber Threats

America will protect its defense industrial base from cyber attacks with a new cybersecurity framework and an army of assessors.

CMMC Model

CMMC Model Explained

In this post we explain the new CMMC model.

CMMC Model

CMMC Maturity Explained

In this post we explain what CMMC maturity is and how it relates to the five CMMC levels.

CMMC Level 1

CMMC Level 1 Explained

In this post we explain CMMC Level 1 requirements.

Cybersecurity Maturity Model Certification Explained

What is the Cybersecurity Maturity Model Certification (CMMC)?

The cybersecurity maturity model certification is a new DoD cybersecurity requirement for contractors.

cybersecurity maturity model certification CMMC and corona

Has CMMC been affected by the Coronavirus?

Yes, CMMC has been impacted by COVID-19.

Federal Contracts CMMC

Do CMMC requirements apply to non-DoD contracts?

As of June 2020, CMMC requirements will only apply to DoD contracts.

Commercial off the shelf (COTS)

COTS Contracts and CMMC

Do you need to earn a CMMC if you sell commercial off the shelf (COTS) items to the U.S. Department of Defense?

Defense Industrial Base CMMC

Who Needs a CMMC Certification?

Learn which companies need to earn a CMMC certification to work on DoD contracts.

Federal Contract Information (FCI)

CMMC - What is Federal Contract Information (FCI)?

Learn what Federal Contract Information (FCI) is and how it relates to CMMC.

What is controlled unclassified information CUI

CMMC - What is controlled unclassified information (CUI)?

Learn what CUI is and how it relates to CMMC.

Preparing for CMMC

How to Prepare for CMMC

Learn how to prepare for CMMC.

CMMC 10 Things You Need to Know

10 Things You Need to Know About CMMC

Here are the top 10 things you need to know about the cybersecurity maturity model certification (CMMC).

CMMC - What Companies Struggle with the Most

CMMC - What Companies Struggle with the Most

Here are the top cybersecurity compliance requirements DoD contractors struggle with the most.