  • CMMC may be delayed – But it’s not going away. Here is what you still need to do now…

    As you have likely heard, CMMC Rulemaking will be delayed for up to a year due to review and approval by additional Government entities. The Government may also be looking at improving requirement consistency and standardizing those requirements so that they can also be applied to non-DOD agencies. However, it is certain that DoD prime ...

  • Frequent Findings from the Most Recent Joint Surveillance Voluntary Assessments (BETA)

    As a Registered Practitioner Organization, BSC is directly involved with the CMMC Cyber-AB organization and attends multiple meetings and town halls to stay current on the CMMC landscape. While no official CMMC assessments will be performed until rulemaking is completed, here are some of the common issues that arose during the voluntary beta assessments. Organizations ...

  • Common Challenges and Pitfalls to Becoming CMMC Compliant.

    Any organization that works with the DoD or is part of a DoD prime contractor supply chain must be compliant with CMMC 2.0. While there is some question as to the actual timeline of when full compliance will be required, many subcontractors are discovering that their primes are not waiting and they need to be ...

  • Preparing for the Coming Quantum Cryptographic Break

    Computers based on quantum mechanics are maturing to a point where they seriously threaten to compromise much of today’s existing traditional cryptography, including HTTPS, Wi-Fi networks, logon authentication, smartcards, multifactor authentication, and public key infrastructure (PKI). No one knows exactly when quantum computers will mature to the point of being a real threat to most ...

  • What is OSCAL and Why Does it Matter?

    NIST first released OSCAL, short for Open Security Controls Assessment Language, in June 2021. According to NIST, “An important goal of OSCAL is to move the security controls and control baselines from a text-based and manual approach (using word processors or spreadsheets) to a set of standardized and machine-readable formats. With systems security information represented ...