Is IPv6 Less Secure Without NAT?
NAT (Network Address Translation) is an IPv4 tool that is not used in most IPv6 deployments. This has caused some users to ask whether IPv6 is as secure as IPv4. What is NAT? NAT is a tool that allows multiple computers behind an Internet connection to share the single address of that connection. Thus, if […]
What Is A Digital Signature?
In an earlier post, I promised to explain how hashes relate to digital signatures. Let’s begin with a thought experiment: suppose you have a document you want to protect. Specifically, you want to let others (“recipients”) know that you wrote the document and that it has not been changed by anyone since you wrote it. […]
Beware The Social Engineer
Social engineering is generally considered one of the weakest aspects of organizational security. Attackers know that and cybersecurity professionals know that, but many other folks just don’t “get it”. What is Social Engineering? The Internet Security Glossary entry for “Social Engineering” says it is a: Euphemism for non-technical or low-technology methods, often involving trickery or […]
The CMMC Roles: CCP (Certified CMMC Professional)
The previous blog discussed the major role – the RP. The RP is primarily a consultant. The RP is not allowed to be involved in the assessment. The next major role is the Certified CMMC Professionals (CCP). There is some information published on this role. In last month’s CMMC Townhall, the Board announced that the […]
The CMMC Roles: RP (Registered Practitioners)
The CMMC ecosystem has a varied participation. Per the CMMC AB, the potential stakeholders include: CMMC STAKEHOLDERS Third Party Assessor organizations (C3PAO) Organizations Seeking Certification (OSC) Registered Practitioners (RP)-advisors/consultants to prepare OSC ASSESSORS (certified at various levels) INSTRUCTORS LTP TRAINERS (provide instruction) LPP PUBLISHERS (provide curriculum and materials) AB ADVISORS RP Organization (RPO)-consultancies employing RPs […]