Blog

Determining the scope of controls (e.g., assessment boundary) is different than determining control applicability. Do you know the difference?The Unified Scoping Guide (USG) is a free resource to make … read more

NIST 800-171 focuses on protecting Controlled Unclassified Information (CUI) anywhere it is stored, transmitted and processed. These controls are directly linked to NIST 800-53 and are a subset of the … read more

As a Chief Information Security Officer (CISO) or cybersecurity director, it is likely that you been asked to “pretty up the numbers” or “improve the optics” when reporting risks or the state of the o … read more

The release of the Cybersecurity & Data Protection Assessment Standards (CDPAS) is important to the cybersecurity industry. The CDPAS is a cohesive, consistent set of standards to govern cybersec … read more

Cybersecurity Supply Chain Risk Management (C-SCRM) is the process of identifying, assessing and mitigating risks in an organization's supply chain that could impact the security and integrity of an o … read more