Implementing 3.1.2 from NIST SP 800-171 Rev 2

Mar 17, 2026
If 3.1.1 authorizes access to the system, 3.1.2 authorizes permissions within the system. The rules of chess, for example, limit the types of functions allowed for each piece...
10 min read

Implementing 3.1.22 from NIST SP 800-171 Rev 2

Mar 17, 2026
Organizations should prevent the release of nonpublic information on systems accessible to the public. Systems accessible to the public include websites and social media...
10 min read

Implementing 3.5.1 from NIST SP 800-171 Rev 2

Mar 17, 2026
Identifying accounts and devices is foundational to creating a secure and accountable system. Accounts may have assignments to people and non-person entities...
10 min read

Implementing 3.5.2 from NIST SP 800-171 Rev 2

Mar 17, 2026
Forbes Advisor reported 68% of Americans changed passwords across accounts due to compromise. Social media and email account passwords were the most commonly compromised...
10 min read

Implementing 3.1.20 from NIST SP 800-171 Rev 2

Mar 17, 2026
System architecture design and separation techniques may isolate assets that handle sensitive information. Organizations may consider these separated systems external to the system handling sensitive information.
10 min read

Implementing 3.8.3 from NIST SP 800-171 Rev 2

Mar 17, 2026
Media may flow out to vendors for equipment repairs or in paper form through recycle bins. Adversaries may try to retrieve data from media after it leaves the organization. Media protection limits access to system media in both paper and digital forms.
10 min read

Implementing 3.10.1 from NIST SP 800-171 Rev 2

Mar 17, 2026
Implementing physical security controls is a critical component of safeguarding sensitive information. The NIST physical and environmental protection (PE) domain focuses on physical safeguarding practices.
10 min read

Implementing 3.10.3, 3.10.4, and 3.10.5 from NIST SP 800-171 Rev 2

Mar 17, 2026
NIST SP 800-171 derived three requirements from this part of FIPS 200. The Federal Acquisition Regulation derived one practice from this part of FIPS 200.
10 min read

Implementing 3.13.1 from NIST SP 800-171 Rev 2

Mar 17, 2026
Organizations handling sensitive information must define the external boundary of their system. Establishing internal boundaries helps create a multi-layer defense. Enable monitoring, control traffic and protect communications at each boundary.
10 min read

Implementing 3.13.5 from NIST SP 800-171 Rev 2

Mar 17, 2026
NIST describes several approaches on how organizations can establish a demilitarized zone (DMZ). This blog will discuss the following topics around NIST SP 800-171 practice 3.13.5
10 min read

Implementing 3.14.1 from NIST SP 800-171 Rev 2

Mar 17, 2026
Flaw remediation is the most difficult CMMC level one practice. It was the only level one practice on the top 10 list of "other than satisfied" requirements.
10 min read

Implementing 3.14.2, 3.14.4, and 3.14.5 from NIST SP 800-171 Rev 2

Mar 17, 2026
Malware is the most common external threat to information systems. It causes widespread damage and disruption and necessitates extensive recovery efforts. Many of today’s malware threats are stealthy and designed to avoid detection.
10 min read

The CMMC Assessment Process (CAP): An Ultimate Guide

Mar 17, 2026
The CMMC Assessment Process (CAP) provides procedures for CMMC Level 2 Assessments. CMMC Third-Party Assessment Organizations conduct assessments of organizations seeking certification (OSCs).
10 min read