
Blog Posts
IT, OT, and ZT: Implementing Zero Trust in Industrial Control Systems
This blog post introduces fundamental ZT and ICS concepts, barriers to implementing ZT principles in ICS environments, and potential methods to leverage ZT concepts in this domain.
• By Brian Benestelli, Dan Kambic
In Enterprise Risk and Resilience Management

System End-of-Life Planning: Designing Systems for Maximum Resiliency Over Time
Deployment plans for computing environments must account for hardware replacements and decommissions even though such activities may not occur until years later.
• By Grant Deffenbaugh, Lyndsi Hughes
In Enterprise Risk and Resilience Management

Translating the Risk Management Framework for Nonfederal Organizations
This blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.
• By Emily Shawgo, Brian Benestelli
In Enterprise Risk and Resilience Management

How to Use the CMMC Assessment Guides
This blog post is intended for DoD contractors looking for additional clarification as they prepare for a CMMC assessment. It will walk you through the assessment guides, provide basic CMMC …
• By Douglas Gardner
In Enterprise Risk and Resilience Management

10 Steps for Managing Risk: OCTAVE FORTE
This post, adapted from a recently published technical note, outlines OCTAVE FORTE's 10-step framework to guide nascent organizations as they build an ERM program and mature organizations as they fortify …
• By Brett Tucker
In Enterprise Risk and Resilience Management

Balancing Cyber Confidence and Privacy Concerns
An important part of an organization's cybersecurity posture includes the monitoring of network traffic for proactive cyber defense. The trend toward implementing network protocols designed to improve personal privacy is …
• By William Reed, Dustin Updyke
In Enterprise Risk and Resilience Management

Follow the CUI: 4 Steps to Starting Your CMMC Assessment
One of the primary drivers of the DoD's Cybersecurity Maturity Model Certification (CMMC) is the congressional mandate to reduce the risk of accidental disclosure of controlled unclassified information (CUI).
• By Matthew Trevors
In Enterprise Risk and Resilience Management

Beyond NIST SP 800-171: 20 Additional Practices in CMMC
These 20 practices are intended to make DoD contractors more security conscious.
• By Andrew Hoover, Katie C. Stewart
In Enterprise Risk and Resilience Management

Cybersecurity Maturity Model Certification (CMMC) Part 2: Process Maturity's Role in Cybersecurity
Mature cybersecurity processes will improve an organization's ability to prevent and respond to a cyberattack.
• By Andrew Hoover, Katie C. Stewart
In Enterprise Risk and Resilience Management

The Latest Work from the SEI: DevSecOps, Artificial Intelligence, and Cybersecurity Maturity Model Certification
As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, conference papers, and webcasts highlighting our …
• By Douglas C. Schmidt
In Enterprise Risk and Resilience Management
