Series: Navigating Critical Changes in Government Cybersecurity Compliance

This executive-level series explores the sweeping cybersecurity compliance changes affecting commercial companies doing business with the government. From CMMC and the FAR CUI Final Rule to threat-sharing, AI oversight, and executive accountability, each part is designed to help organizations prepare, adapt, and lead with confidence in the evolving public-sector landscape.

13 Feb

(LinkedIn Article) Governance, Risk, and Compliance (GRC) in the Public Sector: A Strategic Imperative

Policy

Governance, Risk, and Compliance (GRC) in the Public Sector: A Strategic Imperative (LinkedIn Article)

Part 15 of our 15-Part Series: Governance, Risk, and Compliance (GRC) in the public sector requires a strategic approach—aligning security, regulatory mandates, and operational resilience to navigate evolving risks effectively.

by Thomas Butler

06 Feb

(LinkedIn Article) NIST Zero Trust Network Architecture: Applying the Framework Across CMMC, FedRAMP, FISMA, FAR CUI, StateRAMP, and More

Policy

NIST Zero Trust Network Architecture: Applying the Framework Across CMMC, FedRAMP, FISMA, FAR CUI, StateRAMP, and More (LinkedIn Article)

Part 14 of our 15-Part Series: Applying the NIST Zero Trust Network Architecture (ZTNA) framework helps organizations strengthen security by eliminating implicit trust and enforcing strict access controls across their networks.

by Mark Savage

30 Jan

(LinkedIn Article) The DOJ’s Civil Cyber-Fraud Initiative: What the False Claims Act Means for Federal Contractors

Policy

The DOJ’s Civil Cyber-Fraud Initiative: What the False Claims Act Means for Federal Contractors (LinkedIn Article)

Part 13 of our 15-Part Series: The DOJ’s Civil Cyber-Fraud Initiative leverages the False Claims Act (FCA) to hold government contractors accountable for cybersecurity failures, increasing enforcement risks for non-compliance.

by Mark Savage

23 Jan

(LinkedIn Article) White House Executive Order 14144 (superseding EO 14028): What Federal Contractors Need to Know in 2025

Policy

White House Executive Order 14144 (superseding EO 14028): What Federal Contractors Need to Know in 2025 (LinkedIn Article)

Part 12 of our 15-Part Series: Understand the expanded requirements of EO 14144 and how they impact federal contractor cybersecurity obligations.

by Mark Savage

16 Jan

(LinkedIn Article) What the FAR CUI Final Rule Means for Government Contractors: A Guide to Compliance Readiness

Policy

What the FAR CUI Final Rule Means for Government Contractors: A Guide to Compliance Readiness (LinkedIn Article)

Part 4.1 of our 15-Part Series: Explore how the FAR CUI Final Rule reshapes security obligations and compliance for government contractors.

by Mark Savage

10 Jan

(LinkedIn Article) AI System Use and Risk Management: Implications for FAR/DFARS Compliance

Policy

AI System Use and Risk Management: Implications for FAR/DFARS Compliance (LinkedIn Article)

Part 11 of our 15-Part Series: Explore the implications of AI/ML use in government contracts and how NIST frameworks guide risk management under FAR/DFARS.

by Mark Savage

12 Dec

(LinkedIn Article) National Defense Industrial Strategy (NDIS) 2024 Implications

Policy

National Defense Industrial Strategy (NDIS) 2024 Implications (LinkedIn Article)

Part 10 of our 15-Part Series: Explore the National Defense Industrial Strategy (NDIS) 2024 and its cybersecurity implications for defense contractors.

by Mark Savage

5 Dec

(LinkedIn Article) Evaluating Your Readiness for CMMC 2.0: Critical Steps for Defense Contractors

Policy

Evaluating Your Readiness for CMMC 2.0: Critical Steps for Defense Contractors (LinkedIn Article)

Part 9 of our 15-Part Series: Assess your readiness for CMMC 2.0 with key steps to meet compliance and secure contracts.

by Mark Savage

21 Nov

(LinkedIn Article) DFARS 7012 Class Deviation: What You Need to Know

Policy

DFARS 7012 Class Deviation: What You Need to Know (LinkedIn Article)

Part 8 of our 15-Part Series: Explore how the DFARS 7012 Class Deviation reverts to NIST SP 800-171 Revision 2, reshaping compliance requirements and addressing subcontractor obligations.

by Mark Savage

14 Nov

(LinkedIn Article) NARA CUI Program and CMMC Awareness and Decisions

Policy

NARA CUI Program and CMMC Awareness and Decisions (LinkedIn Article)

Part 7 of our 15-Part Series: Understand the purpose of NARA's CUI Program and determine if your organization needs to implement critical security controls.

by Mark Savage

07 Nov

Policy

DIBCS Threat Sharing (LinkedIn Article)

Part 6 of our 15-Part Series: Understand the purpose of DIB CS Threat Sharing and its role in enhancing contractor cybersecurity and collaboration.

by Mark Savage

31 Oct

(LinkedIn Article) Cybersecurity and Infrastructure Security Agency (CISA) Software Attestation

Policy

Cybersecurity and Infrastructure Security Agency (CISA) Software Attestation (LinkedIn Article)

Part 5 of our 15-Part Series: Discover how CISA's Secure Software Development Attestation Form impacts federal software procurement and your compliance obligations.

by Mark Savage

24 Oct

(LinkedIn Article) Federal FAR CUI Final Rule

Policy

Federal FAR CUI Final Rule (LinkedIn Article)

Part 4 of our 15-Part Series: Explore the key takeaways from the Federal FAR CUI Final Rule and its impact on safeguarding CUI.

by Mark Savage

17 Oct

(LinkedIn Article) DFARS 252.244-7000 Flow Down Restrictions and Supply Chain Contract Management

Policy

DFARS 252.244-7000 Flow Down Restrictions and Supply Chain Contract Management (LinkedIn Article)

Part 3 of our 15-Part Series: Navigate the complexities of DFARS 252.244-7000 flow-down restrictions and ensure compliance across your supply chain.

by Mark Savage

10 Oct

(LinkedIn Article) DoDCIO FedRAMP Moderate Equivalency Memo (Dec 2023)

Policy

DoDCIO FedRAMP Moderate Equivalency Memo (Dec 2023) (LinkedIn Article)

Part 2 of our 15-Part Series: Explore the implications of the DoD CIO's December 2023 FedRAMP Moderate Equivalency Memo for cloud compliance and security.

by Mark Savage

22 Jul

(LinkedIn Article) CEO/Public Sector: Do you understand the impact the future CMMC 2.0 and FAR CUI Final Rule government compliance programs will have on your business?

Policy

CEO/Public Sector: Do you understand the impact the future CMMC 2.0 and FAR CUI Final Rule government compliance programs will have on your business? (LinkedIn Article)

Discover how the future of CMMC compliance will shape public sector operations and contractor readiness in the first article of our 15-part series, featuring ongoing updates and links to all related content.

by Mark Savage