MichaelPeters.org
Independent Think Tank for Global Technology Security, Privacy and Risk Management
SPRS and Meeting CMMC Requirements with Self-Assessment
With the activation of CMMC Phase 1 on November 10, 2025, contractors meeting Level 1 Maturity (and, in some cases, Level 2) can provide self-assessment documentation in lieu of undergoing an audit ...
The November 2026 CMMC Deadline and What to Expect in the Next 9 Months
With all the shifts in cybersecurity, one framework has been steadily solidifying requirements and expectations: CMMC. With the revision of CMMC 2.0 and the following feedback from vendors and the industry, it ...
Preparing Personnel and Policy for CMMC
To meet CMMC requirements, organizations need a security strategy that integrates technology, people, and policies. It is important to know when to use IT solutions and when to involve HR and leadership ...
Navigating the Frontier of Shadow AI
Employees across every department are experimenting with generative AI tools to write emails, analyze data, summarize documents, and debug code. According to IBM’s 2025 Cost of a Data Breach Report, one in ...
Using Your MSP to FedRAMP Authorization Time Through Control Inheritance
A FedRAMP Moderate baseline, now classified as Class C under the updated FedRAMP 20x framework, requires documentation and validation of over 300 controls–not an insignificant number, regardless of the enterprise. Modern IT, ...
Using FedRAMP To Fast Track Your GovRAMP Market Entry
The barrier between federal and state cloud procurement has effectively dissolved for authorized providers. With StateRAMP’s rebranding to GovRAMP and the FedRAMP RFC-0024 mandate for authorization packages, the opportunity to pursue a ...
Navigating FedRAMP’s Move to Certification Classes
Anchored by the FedRAMP Authorization Act and OMB Memo M-24-15, FedRAMP is undergoing a major change that affects virtually every aspect of how cloud service providers pursue, achieve, and maintain federal authorization ...
CIRCIA And The Future Of Federal Cyber Incident Reporting
For years, federal visibility into large-scale cyber incidents has depended on voluntary disclosure tied to regulations. The result has been delayed response coordination and inconsistent data quality. The Cyber Incident Reporting for ...
What is the Duty of Care in Cybersecurity?
Data privacy and security are often framed as organizational requirements, and as such include discussions of ROI, staffing, compliance, and so on. However, the obligations enterprises and agencies face in protecting data ...
CMMC Waivers and the Potential for Strategic Certification
As the CMMC program evolves in 2026, following the solidification of the final rule and the timelines for required certification, the Cyber AB wrestles with the need to streamline adoption across contractors ...

