#cmmc

Ken Larson (Smalltofeds)
2026-02-05

GSA begins placing CMMC REQUIREMENTS IN NEW CONTRACTS with controlled unclassified information via NIST 800-171 and 172 controls.
rosecoveredglasses.wordpress.c

Bryley Systems (bryley)
2025-12-29

CMMC Phase One has begun (Nov 10), so military contracting officers may now include the requirement for compliance with CMMC Levels 1 and 2 in new contracts... [8-minute read/listen] bryl.us/rygr

Niel Harper (noaharper)
2025-12-17

ISACA has been officially authorized by the U.S. government as the exclusive CAICO (CMMC Assessor and Instructor Certification Organization). Learn more at: isaca.org/cmmc

CyberNetsecIO (netsecio)
2025-11-10

📰 It's Official: DoD Begins Phased Rollout of CMMC Cybersecurity Program

The clock is ticking for defense contractors! ⏰ The DoD's CMMC program officially began its phased rollout on Nov 10. Cybersecurity compliance is now becoming mandatory for all DIB contracts.

🔗 cyber.netsecops.io/articles/do

Doofie and Dingus (BCWHS)
2025-11-07

Plans, Policies, and Procedures: CMMC 2.0
A revised program designed to ensure Department of Defense (DoD) contractors and subcontractors adequately protect sensitive information (FCI and CUI) by streamlining requirements.

blackcatwhitehatsecurity.com

Ken Larson (Smalltofeds)
2025-10-15

The CMMC 'GRACE PERIOD' MYTH could cost you your contract. Congress told the DOD to put teeth behind cyber. CMMC is the teeth.
rosecoveredglasses.wordpress.c


GRC – what it is, and where it came from.

Playing the Old Guy card is dangerous for me, because people may assume incorrectly that I have a “been there, done that” attitude. And you just can’t have a “been there, done that” attitude in technology, because things change so fast. Each problem must be treated as a new problem, and solved – again – today, in light of today’s technology.

However.

I’m going to play the Old Guy card today, talking about GRC. Are you ready?

GRC is a buzzword.

However cool you may think Governance, Risk, and Compliance is, the name/acronym is a newcomer on an old field. The Open Compliance and Ethics Group (OCEG) formally defined the term GRC in 2007. (Source: the Internet. Google it. You can find it at the OCEG website, Wikipedia, and on and on).

My friend, we were doing things like change management, risk management, and legal compliance way back in the last century.

The first time (several years ago) a prospect asked me, “Do you have any experience with GRC?” I asked them, “What’s GRC? I haven’t heard that acronym.” Of course, they assumed I was ignorant, and hired someone else.

Hey. We had a whole compliance group in our legal department at Cellular One when I was Director of National System Development in 2000. We had things like product evaluation, change management, and coordination of objectives between Sales and Engineering when I was Director of Technical Services at one of America’s largest paging companies in the 1990s.

If you think GRC means finding controls to satisfy a framework, or meeting NIST standards, or achieving CMMC compliance, your thinking is too small.

GRC existed before the acronym was created.
GRC exists outside of cybersecurity.
Cybersecurity is just one part, a new addition, to the scope of a company’s unified governance, risk management, and legal compliance initiatives.

See things in perspective. Look for the bigger picture.

#CMMC #GRC #NIST

Doofie and Dingus (BCWHS)
2025-10-01

Plans, Policies, and Procedures: CMMC 2.0
A revised program designed to ensure Department of Defense (DoD) contractors and subcontractors adequately protect sensitive information (FCI and CUI) by streamlining requirements.

blackcatwhitehatsecurity.com

Ken Larson (Smalltofeds)
2025-09-25

Failing To Meet CMMC Requirements can expose SUPPLY CHAIN VULNERABILITIES. Certification is one of the most effective tools validating that vulnerabilities are being addressed.
rosecoveredglasses.wordpress.c


Blowing the whistle just got a little easier: New DOD rule aims to protect & empower whistleblowers jpmellojr.blogspot.com/2025/09 #Whistleblower #DOD #compliance #CMMC #CUI #FalseClaimsAct

Ken Larson (Smalltofeds)
2025-09-16

Pentagon officially implements CMMC REQUIREMENTS IN CONTRACTS requiring Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) standards moving forward.
rosecoveredglasses.wordpress.c

Doofie and Dingus (BCWHS)
2025-08-23

Plans, Policies, and Procedures: CMMC 2.0
A revised program designed to ensure Department of Defense (DoD) contractors and subcontractors adequately protect sensitive information (FCI and CUI) by streamlining requirements.
blackcatwhitehatsecurity.com

Negative PID Inc. (negativepid)
2025-08-21

🇺🇸🔒 Are you a contractor or company working with the US Government? Stay ahead of the game and learn about the Cybersecurity Maturity Model Certification (CMMC).

Discover what CMMC means for your business, how to achieve compliance, and why it's crucial for safeguarding sensitive information.

negativepid.blog/an-introducti

Universität zu Köln (UniKoeln@wisskomm.social)
2025-08-11

Predicting kidney disease from a blood test🩸

Researchers in Cologne can use blood samples to predict how quickly a kidney disease will progress. The scientists discovered 29 proteins that are associated with the decline in kidney function.

▶️ youtube.com/watch?v=FDGN8OM63ng
-
#uniköln #uniklinikkoeln #unicologne #nieren #nierenerkrankung #nephrologie #cecad #cmmc

JB aka J Lee (jbdro)
2025-08-06

In Horizon's cutting-room links for Wednesday, nears go-live, grants face cuts even without reduced appropriations, loses its , limits Golden Dome talk at space and missile conference &c. washingtonhorizon.com/horizon-

2025-07-26

Navigating CMMC & DoD Zero Trust can be complex. Join Anchore and InfusionPoints as we share practical strategies to reduce your container attack surface and achieve compliance with automated SBOMs. Our webinar tackles public sector security challenges head-on. More details on the registration page go.anchore.com/container-drift
#CMMC #DoDZeroTrust #ContainerSecurity #PublicSectorSecurity

2025-07-15

Kingston IronKey D500S with FIPS 140-3 certification. It is the first such flash drive in the world

Kingston has announced that its hardware-encrypted IronKey D500S flash drive has received NIST FIPS 140-3 Level 3 certification.

According to the manufacturer, it is currently the only storage device in the world that combines this high security standard with compliance with TAA guidelines (Trade Agreement Act, the U.S. law on trade agreements) and a trusted supply chain. As a result, the flash drive meets stringent government and military standards around the world.

A key distinguishing feature of the D500S is its trusted supply chain, which is intended to support compliance with standards such as CMMC (Cybersecurity Maturity Model Certification, created by the United States Department of Defense) and TAA. The device was designed and is assembled in California, USA.

All key components, including the security microprocessor, NAND Flash memory and firmware, are sourced from trusted, TAA-compliant suppliers and stored in Kingston's secured production facility. Assembly itself takes place under strictly controlled processes, which ensures a high level of security.

The IronKey D500S offers a range of advanced security features. It was the first in the industry to introduce a dual secure partition option, which lets the administrator create two separate spaces of custom size, one for the administrator and one for the user. It is also possible to create a hidden storage area that remains invisible when the drive is used on untrusted systems. In addition, the administrator can set a global "read-only" mode and a crypto-erase password which, in an emergency, permanently destroys all data and resets the drive.

The device has a rugged zinc casing, and its interior is filled with epoxy resin, which provides tamper protection in line with FIPS 140-3 Level 3 requirements. The flash drive also meets military standards for shock and vibration resistance (MIL-STD-810F) and has an IP67 ingress protection rating. Variants with capacities of up to 512 GB are available (the top variant costs about 2500 zł), covered by a 5-year warranty and free technical support.

#bezpieczeństwoDanych #CMMC #FIPS1403 #IronKeyD500S #kingston #news #pamięćPrzenośna #pendrive #szyfrowanieSprzętowe #TAA #usb

Kingston
2025-07-11

I am job hunting if anyone is looking for an #IT #engineer

I currently work in Mergers and Acquisitions as an IT specialist in the embroidery field, but I have experience with #Cisco #networking including their Firepower ASA and their switches. I am also an #MDM engineer and I am the team lead for SOP writing and development. #SSO experience with Okta. Admin experience with #Threatlocker.

I have operated in a variety of compliance frameworks including #CMMC #PCI and #FEDRAMP for the last 2 years. I've spent 3 years working medical field so I'm #HIPAA aware as well.

I would like to get back into a #datacenter job. I am comfortable with #travel and I'm comfortable with #parttime and #contract work if you have any recommendations.

I won't do defence companies though.

#FediHire #getfedihired #jobhunting #infrastructure

Praveen (praveene27)
2025-07-09

AI compliance is a real deal now!

In the U.S., a major rule is already on the way: CMMC.

If you're an MSP working with data from the Department of Defense or federal clients, then CMMC is for you.
Without it, you won’t be able to win DoD contracts.

Now’s the time to get CMMC compliant.

Download the free CMMC cheat sheet and checklist to stay on track.
zurl.co/k0PNP
