System End-of-Life Planning: Designing Systems for Maximum Resiliency Over Time

Deployment plans for computing environments must account for hardware replacements and decommissions even though such activities may not occur until years later.

Read More

September 27, 2021 • By Grant Deffenbaugh, Lyndsi Hughes

In Enterprise Risk and Resilience Management

Translating the Risk Management Framework for Nonfederal Organizations

This blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.

Read More

August 23, 2021 • By Emily Shawgo, Brian Benestelli

In Enterprise Risk and Resilience Management

Potential Implications of the California Consumer Privacy Act (CCPA) for Insider Risk Programs

This blog post reviews the general framework of the California Consumer Privacy Act (CCPA), describes specific implications for insider risk management, and provides recommendations to prepare insider risk programs to …

Read More

May 31, 2021 • By Emily Kessel, Sarah Miller, Carrie Gardner

In Insider Threat

How to Use the CMMC Assessment Guides

This blog post is intended for DoD contractors looking for additional clarification as they prepare for a CMMC assessment. It will walk you through the assessment guides, provide basic CMMC …

Read More

March 3, 2021 • By Douglas Gardner

In Enterprise Risk and Resilience Management

10 Steps for Managing Risk: OCTAVE FORTE

This post, adapted from a recently published technical note, outlines OCTAVE FORTE's 10-step framework to guide nascent organizations as they build an ERM program and mature organizations as they fortify …

Read More

December 7, 2020 • By Brett Tucker

In Enterprise Risk and Resilience Management

Balancing Cyber Confidence and Privacy Concerns

An important part of an organization's cybersecurity posture includes the monitoring of network traffic for proactive cyber defense. The trend toward implementing network protocols designed to improve personal privacy is …

Read More

September 21, 2020 • By William Reed, Dustin Updyke

In Enterprise Risk and Resilience Management

Follow the CUI: 4 Steps to Starting Your CMMC Assessment

One of the primary drivers of the DoD's Cybersecurity Maturity Model Certification (CMMC) is the congressional mandate to reduce the risk of accidental disclosure of controlled unclassified information (CUI).

Read More

August 24, 2020 • By Matthew Trevors

In Enterprise Risk and Resilience Management

Beyond NIST SP 800-171: 20 Additional Practices in CMMC

These 20 practices are intended to make DoD contractors more security conscious.

Read More

June 22, 2020 • By Andrew Hoover, Katie C. Stewart

In Enterprise Risk and Resilience Management

Cybersecurity Maturity Model Certification (CMMC) Part 2: Process Maturity's Role in Cybersecurity

Mature cybersecurity processes will improve an organization's ability to prevent and respond to a cyberattack

Read More

June 1, 2020 • By Andrew Hoover, Katie C. Stewart

In Enterprise Risk and Resilience Management

The Latest Work from the SEI: DevSecOps, Artificial Intelligence, and Cybersecurity Maturity Model Certification

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, conference papers, and webcasts highlighting our …

Read More

May 25, 2020 • By Douglas C. Schmidt

In Enterprise Risk and Resilience Management