The Schellman Blog

President Biden has issued a groundbreaking Executive Order to steer America toward leadership in harnessing the potential of artificial intelligence (AI) while managing its associated risks.

The Cybersecurity Maturity Model Certification (CMMC) is a framework that aims to better secure federal contract information (FCI) and controlled unclassified information (CUI) that is stored, processed, or transmitted by defense contractors and the entire defense industrial base (DIB). American defense data is incredibly valuable, and that includes highly sensitive personnel records and technical data. As such, the DIB continues to be a prime target for exploitation, and because a leak of such information could endanger the lives of government personnel and service members—not to mention the risk of billions of financial losses. Now, with the enactment of 32 CFR and 48 CFR, the Department of War (DoW) has established the legal basis of CMMC. As a premier CMMC third-party assessor organization (C3PAO) among the first authorized, we’re going to provide a complete introductory overview of this newer certification, including insight into what it constitutes, who will need CMMC, the requirements, and how to get certified so that as we approach the phased enforcement dates, you’ll be able to proceed with confidence.

Navigating the world of carbon assurance and greenhouse gas (GHG) inventories can be a complex task for any organization. However, with the guidance and expertise provided by Schellman, a trusted leader in assurance and auditing, preparing for a smooth GHG assurance becomes a manageable and essential endeavor.

In our rapidly evolving world, climate change has become an undeniable reality that affects every corner of the globe. As humanity grapples with the consequences of its actions, the responsibility to halt and reverse climate change rests on our shoulders. Businesses, spanning all sectors, are stepping up to the plate, recognizing the urgent need to measure their carbon footprints.

When a software production company requests a security assessment of its Continuous Integration (CI) and Continuous Delivery (CD) pipeline, they usually want an evaluation of the strength of its existing security measures and identification of potential security risks associated with the different components involved in storing, updating, building, and deploying their application.

Unlike Scope 1 and Scope 2 emissions—which are the direct and purchased energy emissions of a corporation, respectively—Scope 3 emissions are indirect emissions generated from activities of assets not owned or controlled by the reporting organization.

Though all compliance frameworks require organizations to provide an inventory of in-scope systems for testing, oftentimes assessors will find these provided lists aren’t accurate. However, there are at least two big benefits to maintaining an accurate systems inventory—enhanced efficiency and better management.

For organizations seeking to build robust environmental, social, and governance (ESG) programs, the Carbon Disclosure Project (CDP) provides one such framework that can help with global disclosure of your environmental impact. Should you choose to adhere to this standard, you would need to be assessed, after which you would receive scores regarding your environmental stewardship.