CUI, or Controlled Unclassified Information, is a data designation used by the Department of Defense to refer to non-classified information that is nevertheless sensitive and requires adherence to certain security practices when handling it. To repeat, CUI is not classified information (and does not require as stringent security protocols). It is also not corporate intellectual […]
One of the key difference between NIST/DFARS compliance and CMMC compliance is that DOD has implemented stratified levels of compliance for CMMC. CMMC has five levels of compliance. CMMC compliance requirements will be stipulated in defense contracts. For most situations, Level 3 compliance will suffice for subcontractors — the first level that allows for handling […]
CMMC (Cybersecurity Maturity Model Certification) is the new standard for cybersecurity compliance for DOD contractors. The launch of CMMC has caused many conscientious contractors to ask a simple question: What about DFARS? Defense Federal Acquisition Regulation Supplement 252.204-7012 was initiated in 2016 to make sure defense contractors had sufficient cybersecurity protections in place. Contractors who […]
You’ll hear about encryption and hashing a lot when talking about internet security. And though sometimes people use these terms interchangeably, they’re incorrect when they do that. Hashing and encryption are two different processes. Let’s start with encryption. Encryption is a two-way process — if you have a ‘key,’ you can decrypt an encrypted message. […]
Whenever the full resolution of the Covid upheaval happens, it seems clear that in the business world, remote work will continue to be much more prevalent than it was before the pandemic. Covid has given a rocket boost to remote worker trends, perhaps quickening the pace of adoption by 20 years according to some estimates. […]
The FBI, security software vendors and security professionals have all noted an unfortunate aspect of the coronavirus epidemic in the online world: increased phishing attempts attempting to exploit the situation. Phishing attacks are fraudulent attempts to gain access to sensitive information such as financial account information, credit card numbers or passwords by using communications that […]