Tagged: security
External Hard Drive Encryption for CMMC and CUI
How to encrypt external drives in a way that protects CUI and survives a C3PAO assessment: method selection, BitLocker and macOS workflows, key recovery, and the evidence trail auditors expect.
Privileged Access Management for CMMC Level 2
How small defense contractors use PAM to control admin access to CUI systems: credential vaulting, session control, least privilege elevation, NIST 800-171 control mapping, and audit evidence.
Role-Based Access Control for CMMC Level 2
How defense contractors use RBAC to prove who can access CUI and why: role matrix design, NIST 800-171 control mapping, phased rollout, and the audit evidence assessors expect.
What Is Shoulder Surfing? Why It Still Matters for CUI
Shoulder surfing is a low-tech attack with high-stakes consequences for defense contractors. How visual exposure of CUI happens, why assessors care, and the controls that actually work.
Critical Infrastructure Protection (CIP) for Small Defense Contractors
Critical infrastructure protection now reaches small DIB contractors. What it means under CMMC and DFARS, and how to build it without enterprise spend.
CMMC Level 2 Access Control Policies: A Working Guide for Small Contractors
Access control is where many small defense contractors discover the gap between owning security tools and running an auditable security system. Here is how to build a policy that holds up.
ITAR Requirements for Employees: Access Control for Small Defense Contractors
ITAR restricts access to defense technical data to authorized U.S. persons, even when the access happens inside the U.S. Here is how small contractors should structure employee access, onboarding, and remote work controls.
What Is FIPS Compliant? Validated vs Compliant for Defense Contractors
Most guidance on FIPS compliance treats it like a feature checkbox. For defense contractors, the real question is whether the cryptographic module is validated through a process an auditor can verify.
How Safe Is Google Drive for CUI and Defense Contractors?
Google Drive is secure for commercial use, but the standard version is not compliant for CUI. Here is where it fails CMMC and NIST 800-171 requirements.
Active Directory Audit for CMMC and NIST 800-171
How to audit your Active Directory environment for CMMC Level 2 compliance. PowerShell scripts, NIST 800-171 control mapping, and a prioritized remediation framework.