Blog

Are you a cybercriminal?

Dec 20, 2023

As a Chief Information Security Officer (CISO) or cybersecurity director, it is likely that you have been asked to “pretty up the numbers” or “improve the optics” when reporting risks or the state of the o …

NIST 800-171 R3 Ghost Controls

Dec 12, 2023

A "ghost control" is a legacy control that does not exist in NIST 800-171 R3 but is still reasonably required to demonstrate compliance. There are several aspects of NIST 800-171 R3 Final Public Dr …

NIST 800-171 & CMMC Documentation Terminology

Aug 09, 2023

Complying with NIST SP 800-171 & CMMC can be hard enough without arguing over terminology. Terminology pertaining to cybersecurity documentation is often abused, so a simplified concept of the hierarc …

NIST SP 800-53 vs FedRAMP vs NIST SP 800-171

Jun 20, 2023

NIST SP 800-53 R5 vs FedRAMP R5 vs NIST SP 800-171 R2 vs NIST SP 800-171 R3 IPD

Within the Defense Industrial Base (DIB), there is considerable confusion about the concept of "FedRAMP equivalency" as i …

Strategy vs Operations vs Tactics

Jun 15, 2023

The purpose of this article is to help cybersecurity leaders up their game by gaining a baseline understanding of strategy vs operations vs tactics. All too often, …