• Starting my morning off doing some sketch thinking while creating #cmmc courses #instructionaldesign

  • I just RSVPd yes to Summit 7’s Cloud Security and Compliance Series (CS2): Virtual

  • OMG OMG look what the #connecticut #CMMC coalition finished: Our #cybersecurity glossary guide: asaelcorona.com/Glossary/…

  • I just RSVPd yes to Connecticut Economic Update 2021 as a proud member of the @cbia

  • Why would I even try to search for better source material on #cui #scope when I can just remix the expertise of Compliance Forge? via.hypothes.is/ex…

  • When you hear the words low, moderate, and high in terms of FedRAMP, these classifications get derived from FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, also created under the FISMA umbrella

  • Goal of DoDI 8510.01 DoD Risk Management Framework “provides procedural guidance for the reciprocal acceptance of authorization decisions and artifacts within DoD, and between DoD and other federal agencies, for the authorization and connection of information systems (ISs).”

  • DoDI 8510.01 is the implementing policy for the DoD RMF based off of NIST SP 800-37 which incorporates CNSSI 1253 www.dcsa.mil/portals/9… and NIST SP 800-53

  • FedRAMP: Federal Risk and Authorization Management Program Got established in 2011 Office of Management and Budget (OMB) Memorandum 10-28, “Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the President and the Department of Homeland Security”

  • Back at the #cmmc #instructionaldesign tasks as I am amazed by the content and knowledge of Rick Dawson. Today’s goal: Make sure all objectives from our eight hour class align to my “Drop the MIC” principle: 1. measurable 2. insurance 3. criteria based

  • requirement-security and obligations imposed on an organization. “This is what somebody said you must do” controls-describe safeguard and protection capabilities to meet a specific objective. 1. administrative 2. technical 3. physical

  • access federal information system must: 1. defined security & privacy req 2. use state of the art equipment & acquisition processes 3. security & privacy planning 4. system development life cycle management 5. engineer for security & privacy 6. document practices & processes 7. continuously monitor

  • 800-53 establishes controls for system and orgs 1. Mandatory for federal information systems 2. Required by OMB A-130 and Federal Information Security Modernization Act 3. Federal Information Processing Standards (FIPS) 4. OMB Policies

    Does not apply to national security systems.

  • Spent the last few minutes of sunshine doing a deep dive into security and privacy policy of the government.

    Sun fell behind the trees and chased me inside.

  • I am at #mozfest now.

    “It’s not just a font, it’s not just a technical solution. It is a culture and an identity”

    Local languages and technological

  • Good luck @Sadik Shahadu

    You rock as a #mozfest wrangler. So proud of the co-founder of the Global Open Initiative Foundation, Founder goifoundation.org

  • Access Control Policy Primary Documents #cmmc #nist

    Working on the Saturday morning hack for “Access Control Policy in Plain English”





  • Going to the campus in New Haven for first time since March.

    Kinda want to skip work and spend 1000s at all the restaurants I have been missing.

    Life hard in a take out desert like East Haddam

  • Maturation Monday: Why #CyberSecurity Must Begin In School

    Monday again folks. Time for my weekly call for your organizations to support the programs we have running with Concepts for Adaptive Learning.

    I believe in the maturation model included in the CMMC. I cringe when you hear SMEs (and there is 10–2 per webinar) say the practices are just NIST 800-171 controls. Another trope I can’t take is the idea that CMMC can’t be a maturation model since the landscapers and the plumbers who provide essential services to our bases will never climb past level one.

    Maturation matters.

    To this end I want to begin building cyber hygiene practices long before we complain about a workforce pipeline. We need to institutionalize the practices of good hygiene from home through the high school.

    I believe the best way to begin is through a Domain of One’s Own. Give a kid their identity. Then model and mentor how we protect that which is most important. Us.

    Recently I have partnered with the Concepts for Adaptive Learning and we have brought in the following awards:

    • Ricker, J., McVerry, J. G., $120,000 (2020). Supporting a Tech4Teens Programming Manager. A 3 year funded project for external partner Concepts for Adaptive Learning. $120,000. Funded.

    • McVerry, J. G, Real, B & Ricker, J (2020). Digital Field Placements. Presidential Grant for Alternative Academic Delivery Digital Field Placements. $25,000. Davis Education Foundation. Funded.

    • McVerry, J. G. & Ricker, J. (2020) Tech4Teens Camp. $10,000 Funding for external partner Concepts for Adaptive Learning. Yale Community Foundation. Funded.

    We still need your help. If you or your organization is making a donation this holiday season please consider Concepts for Adaptive Learning. All of the money goes to support programs to increase Digital Literacy in the New Haven community. Your donations will help us provide free training and computers to families in need.

    As Connecticut schools shut down again and go fully remote parents and teachers have come to rely on Concepts for Adaptive Learning.

    Please Donate Today.

    Image Credit: “Amelia in Code” by donnierayjones is licensed under CC BY

  • Our CyberDI team had a wonderful meeting yesterday planning our #CMMC roll out.

    Yesterday we focused on the State of Connecticut. We work with each of our #HigherEd partner institutions to help protect the local DIB economy.

  • Looking all official we got our partnership badge from the CMMC-AB

  • We had a wonderful planning meeting around #cmmc yesterday and how we hope to leverage #HigherEducation and State Agency to quickly scale and grow a culture around maturation

  • I just RSVPd yes to Cybersheath’s Cyber Con

All content, unless otherwise noted, is licensed with a CC-BY-SA https://creativecommons.org/licenses/by-sa/4.0/