Enterprise Risk and Resilience Management
Blog Posts
How to Use the CMMC Assessment Guides
This blog post is intended for DoD contractors looking for additional clarification as they prepare for a CMMC assessment. It will walk you through the assessment guides, provide basic CMMC …
• By Douglas Gardner
In Enterprise Risk and Resilience Management

10 Steps for Managing Risk: OCTAVE FORTE
This post, adapted from a recently published technical note, outlines OCTAVE FORTE's 10-step framework to guide nascent organizations as they build an ERM program and mature organizations as they fortify …
• By Brett Tucker
In Enterprise Risk and Resilience Management

Balancing Cyber Confidence and Privacy Concerns
An important part of an organization's cybersecurity posture includes the monitoring of network traffic for proactive cyber defense. The trend toward implementing network protocols designed to improve personal privacy is …
• By William Reed, Dustin Updyke
In Enterprise Risk and Resilience Management

Follow the CUI: 4 Steps to Starting Your CMMC Assessment
One of the primary drivers of the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) is the congressional mandate to reduce the risk of accidental disclosure of controlled unclassified …
• By Matthew Trevors
In Enterprise Risk and Resilience Management

Beyond NIST SP 800-171: 20 Additional Practices in CMMC
In November, defense contractors will be required to meet new security practices outlined in the Cybersecurity Maturity Model Certification (CMMC). As this post details, while the primary source of security …
• By Andrew Hoover, Katie C. Stewart
In Enterprise Risk and Resilience Management

Cybersecurity Maturity Model Certification (CMMC) Part 2: Process Maturity's Role in Cybersecurity
Process maturity represents an organization's ability to institutionalize their practices. Measuring process maturity determines how well practices are ingrained in the way work is defined, executed, and …
• By Andrew Hoover, Katie C. Stewart
In Enterprise Risk and Resilience Management

The Latest Work from the SEI: DevSecOps, Artificial Intelligence, and Cybersecurity Maturity Model Certification
As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, conference papers, and webcasts highlighting our …
• By Douglas C. Schmidt
In Enterprise Risk and Resilience Management

An Introduction to the Cybersecurity Maturity Model Certification (CMMC)
A recent study predicted that business losses due to cybercrime will exceed $5 trillion by 2024. The threat to the Defense Industrial Base (DIB)--the network of more than 300,000 businesses, …
• By Katie C. Stewart, Andrew Hoover
In Enterprise Risk and Resilience Management

Programmer Moneyball: Challenging the Myth of Individual Programmer Productivity
A pervasive belief in the field of software engineering is that some programmers are much, much better than others (the times-10, or x10, programmer), and that the skills …
• By Bill Nichols
In Enterprise Risk and Resilience Management

After the Cyber Resilience Review: A Targeted Improvement Plan for Service Continuity
In 2011, the SEI's CERT Division developed and published the Cyber Resilience Review (CRR) on behalf of the Department of Homeland Security....
• By Robert Vrtis, Jeffrey Pinckard
In Enterprise Risk and Resilience Management

