Can You Use AI and CUI?
Updated: April 2026 | Reading time: 12 min | Category: Artificial Intelligence (AI) You’ve probably heard a lot about Artificial Intelligence (AI) lately. Your staff may already be using tools…
Learn moreCMMC Phase 2 audits are suspended. Your NIST 800-171 and SPRS obligations are not. Read the plain-English breakdown →
Updated: April 2026 | Reading time: 12 min | Category: Artificial Intelligence (AI) You’ve probably heard a lot about Artificial Intelligence (AI) lately. Your staff may already be using tools…
Learn moreCMMC Level 2 requires implementing all 110 security controls from NIST Special Publication 800-171 Revision 2. These controls represent a comprehensive security program designed to protect Controlled Unclassified Information. Understanding…
Learn moreSmall defense contractors face a difficult reality: CMMC requirements are the same whether you have 10 employees or 10,000. The 110 controls in NIST SP 800-171 were designed for larger…
Learn moreTechnical controls get most of the attention in CMMC preparation, but documentation problems cause more assessment failures than missing firewalls or inadequate encryption. Assessors verify compliance through documentation—if your paperwork…
Learn moreWhen a cyber incident affects systems containing Controlled Unclassified Information, defense contractors have exactly 72 hours to report to the Department of Defense. This requirement, established in DFARS 252.204-7012, is…
Learn moreManaged Service Providers play a critical role in defense contractor cybersecurity. If you are an MSP serving defense industrial base clients, you face unique CMMC considerations. Your clients’ compliance may…
Learn morePolicies and procedures form the foundation of CMMC compliance. Without documented rules and processes, you cannot demonstrate that your security controls are intentional, consistent, and repeatable. Assessors do not just…
Learn moreHaving a great training program is not enough for CMMC compliance. You must prove it exists and operates effectively. Assessors verify your Awareness and Training controls through documentation and evidence,…
Learn moreExternal hackers get the headlines, but insider threats cause some of the most damaging security incidents. CMMC recognizes this reality with a specific requirement for insider threat awareness training. Every…
Learn moreGeneric security awareness training is not enough for CMMC. Requirement AT.L2-3.2.2 mandates that personnel receive training specific to their assigned security responsibilities. A system administrator needs different knowledge than an…
Learn more