Brian Hooper

Defense missions demand speed, precision and trust in the data behind every decision. Download this Splunk guide to explore how agencies can unify fragmented data and accelerate operational advantage in complex environments. https://lnkd.in/e9k8BQV4

1

DFARS 7012 requires contractors to implement NIST SP 800-171 to protect Covered Defense Information (CDI). DFARS 7019/7020 requires contractors to perform a basic assurance self-assessment and submit a score to SPRS that is within 3 years of contract award. DFARS 7021 specifies the CMMC level required to be awarded a DoD contract. CMMC levels require either self-assessment or third-party assessment. When making the determination of the level required for a contract, there is a memo that outlines the process that must be followed by the DoD program manager to obtain a waiver to "CMMC assessment requirements" for that contract. "Program Managers and requiring activities should identify information security requirements for the types of information most likely to be associated with the planned contract effort. When market research indicates that including a CMMC assessment requirement may impede ability to generate robust competition or delay delivery of mission critical capabilities, the SAE, CAE, or DAE may approve requests to waive inclusion of CMMC assessment requirements. SAEs and CAEs must carefully weigh the risk of potential loss of CUI associated with mission critical capabilities before granting a waiver." Level 1 - "There are no circumstances likely to warrant approval of requests to waive CMMC Level 1 requirements." Level 2 - "In rare circumstances. such as when seeking competition from non-traditional DoD sources. waivers may be warranted for CMMC Level 2 third-party assessment requirements. Such waivers are not appropriate for contracts requiring performance by a cleared defense contractor. Approved waivers on a class basis must include a planned expiration date and guidance for requiring CMMC certification in subsequent solicitations." Level 3 - "In rare circumstances, waivers may be warranted for CMMC Level 3 third-party assessment requirements: such waivers, however, are not appropriate for contracts or work statements requiring access to both unclassified and classified DoD information." Full memo on the process found here, starting on page 6: https://lnkd.in/eeBCW53n #cmmc #dib #dfars

58

12 Comments

🔐 Understanding Cyber Attacks is the First Step to Preventing Them At Allsight Secure Solutions, we work with businesses across many industries and one thing is clear: cyber threats don’t discriminate. Whether you’re in finance, healthcare, education, government, retail, logistics, or tech, attackers are constantly searching for vulnerabilities. Here are 15 of the most common cyber attacks you should know about: ➡️ Phishing & Spearphishing – email scams targeting employees ➡️SQL Injection & XSS – attacking insecure web apps and portals ➡️Drive-by & Malware Attacks – spreading infection through weak links ➡️Botnets & Cryptojacking – hijacking devices for crypto mining or bigger attacks ➡️Insider Threats & Data Breaches – often the hardest to detect ➡️DoS & DDoS Attacks – flooding systems to cause downtime 📔 Why this matters: Attackers adapt based on your industry and infrastructure. The best defense? Knowing what you’re up against and building resilience. Stay informed. Stay secure. #CyberSecurityPH #CyberThreats #InfoSec #RiskManagement #Compliance

5

SOTA agent frameworks rely on probabilistic "vibes" and lack deterministic User-to-Agent Authorization mapped to data classification. This makes them mission-unsuitable for military use, where multi-level security requires microsecond, pre-computed gating instead of slow, bypassable LLM reasoning...

Most security incidents are preceded by detectable signals such as anomalous behavior, credential exposure, or emerging infrastructure misuse. The challenge is identifying and acting on these indicators early enough to matter. Proactive risk mitigation focuses on correlating intelligence with internal telemetry to surface exposure points before they are weaponized. When teams have contextual, high-fidelity insights, they can harden configurations, enforce preventive controls, and pre stage response actions that limit attacker movement. This is how organizations reduce dwell time, minimize blast radius, and prevent routine threats from escalating into full incidents. It is not about generating more data. It is about converting intelligence into measurable risk reduction. #CTIQ #ThreatIntelligence #CyberSecurity #RiskMitigation #DetectionEngineering

3

ZTNA gets you on the track - but it won't get you across the Zero Trust finish line. 🏁 It’s built for access control. Not for visibility. Not for threat prevention. Not policy enforcement. Winning the Zero Trust race takes a platform built to see and secure everything, adapt in real time and at full speed—no blind spots, no pit stops. Read the blog to see how to go the distance: 👉https://bit.ly/45bjYyo #ZeroTrust #SASE #CISOStrategy

52

Great guidance from Norris Carden, a Lead CCA. I've been in the cyber world for decades, and a CMMC Audit is unlike anything I've seen. It requires a lawyer-like understanding of the controls, and there is relatively little latitude in meeting the assessment objectives. If you've gone through an ISO audit and think that's at the same level of rigor: nope. The sooner you bring in a partner that understands the specifics of CMMC, the better. If you're just beginning, we can help with scope and strategy. If you're ready for a dry run, we can do a mock audit. And anything in between. MAD Security #CMMC #CyberLeadership

4

1 Comment