What Is A Digital Signature?
In an earlier post, I promised to explain how hashes relate to digital signatures. Let’s begin with a thought experiment: suppose you have a document you want to protect. Specifically, you want to let others (“recipients”) know that you wrote the document and that it has not been changed by anyone since you wrote it. […]
Beware The Social Engineer
Social engineering is generally considered one of the weakest aspects of organizational security. Attackers know that and cybersecurity professionals know that, but many other folks just don’t “get it”. What is Social Engineering? The Internet Security Glossary entry for “Social Engineering” says it is a: Euphemism for non-technical or low-technology methods, often involving trickery or […]
The CMMC Roles: CCP (Certified CMMC Professional)
The previous blog discussed the major role – the RP. The RP is primarily a consultant. The RP is not allowed to be involved in the assessment. The next major role is the Certified CMMC Professional (CCP). There is some information published on this role. In last month’s CMMC Townhall, the Board announced that the […]
The CMMC Roles: RP (Registered Practitioners)
The CMMC ecosystem has varied participation. Per the CMMC AB, the potential stakeholders include: CMMC STAKEHOLDERS: Third Party Assessor organizations (C3PAO); Organizations Seeking Certification (OSC); Registered Practitioners (RP) - advisors/consultants to prepare OSC; ASSESSORS (certified at various levels); INSTRUCTORS; LTP TRAINERS (provide instruction); LPP PUBLISHERS (provide curriculum and materials); AB ADVISORS; RP Organization (RPO) - consultancies employing RPs […]
CMMC: Not Just Your 800-171 Anymore!
Much has already been published with respect to the Cybersecurity Maturity Model Certification (CMMC), so hopefully this introduction will be brief. Let’s start at the beginning. The CMMC was published in 2020 as DoD’s extension to NIST SP 800‑171. The CMMC “certification” is specifically for contractor organizations. It is basically the same as “authorization to operate”. […]