Trusted Internet Blog

Thoughts, Guidance, Musings

CMMC Certification Required by 01 Oct 2020

on Dec 6, 2019 12:43:40 PM | By Jeff Stutzman, Founder | DIB DoD Defense Industrial Base 800-171 cybersecurity cmmc
According to DCSA (formerly known as DSS), October 1st, 2020, is the deadline for having completed your NIST 800-171 and CMMC certification. Here are a few new things that you need to know:

You've written your Security Plan. Now what?

Companies who try to protect everything protect nothing.

How to Create a System Security Plan

You know what CUI is, and the hard requirement to figure out how to protect it. What's next? Simple: make a system security plan. There are several options to choose from, but I'd recommend you start with the basics

What Every Government Contractor Needs to Know Now (from the Lawyer's Perspective)

I authored this first blog about a week ago, but at the time, had a deck given at the National Defense Transportation Association Fall Conference. This deck was given by Attorney Mary Beth Bosco, a partner with Holland & Knight LLP, a Washington, DC law firm specializing in these kinds of matters. It is chock full of good information regarding CUI, CMMC, and NIST 800-171. This is a killer deck with a ton of legal detail. I am posting with her permission. Enjoy. Need more information?

Are we at war?

Tuesday I sat with a couple of dozen really smart folks. One, a retired Major General, declared "We're at war!" (meaning, Information War).

What is Controlled Unclassified Information?

Controlled Unclassified Information (CUI) is a category of unclassified information issued in a directive on May 9, 2008, by President George W. Bush. CUI replaces categories such as For Official Use Only, Sensitive But Unclassified, and Law Enforcement Sensitive. The CUI Program was originally developed for all Executive Branch Agencies, but there are dozens (hundreds?) of older markings used to identify what's now considered CUI, and the category of information is (intentionally?) defined in VERY broad terms.

What Every Government Contractor Needs to Know Now

If you don't have cybersecurity, beginning in 2020, you may not be able to bid on new government contracts.

“woshihaoren” (我是好人)

I posted this in 2013. It's one of my favorite stories to let small defense contractors know just how much other people want the things you make for the government. This is a true story. Honestly, ya just can't make this stuff up.