AI Governance
NIST AI Risk Management Framework: A Practical Walkthrough
The four functions (Govern, Map, Measure, Manage), how to apply the framework to a real organization, and why it's becoming the de facto AI governance standard.
HIPAA & AI
HIPAA and AI Tools: What Healthcare Leaders Are Getting Wrong
The risks executives don't see when deploying AI in healthcare. ChatGPT in clinical settings, AI scribes, ambient listening, and BAA gaps.
DoD & SLED
FedRAMP, Explained: What It Is, Who Needs It, How to Get It
FedRAMP impact levels, the authorization process, the cost and timeline, and the relationship to other federal frameworks.
DoD & SLED
DoD Contractor Cybersecurity: A Roadmap for Companies New to Defense Work
What new defense contractors need to understand: DFARS, CMMC, DIBNet, FedRAMP overlap, and where to start when entering DoD work.
AI Governance
10 Questions Every Executive Should Ask Before Deploying AI
Checklist-style article aimed at C-suite. Practical questions to bring to AI vendor pitches and internal AI proposals.
DoD & SLED
Supply Chain Security in the Defense Industrial Base: What Primes Expect From Subs
Flow-down requirements, how primes audit subs, the SBOM expectation, and what subcontractors need to prepare for.
Regulatory Compliance
What a Regulatory Compliance Program Actually Looks Like
The architecture of a real compliance program: governance, risk assessment, policies, controls, evidence, incident response. What good looks like.
AI Governance
What Is AI Governance? A Framework for Organizations Deploying AI
Definition, why it matters now, the relationship to data governance and compliance, and what an AI governance program actually contains.
CMMC
POA&Ms in CMMC: What They Are, What They Allow, and What They Don't
Plans of Action and Milestones in CMMC 2.0, when they're permitted, the specific controls eligible for POA&Ms, and time limits.
Privacy
CCPA vs CPRA: What Changed and What You Need to Do
The expansion from CCPA to CPRA, new rights for consumers, new obligations for businesses, and the California Privacy Protection Agency.
HIPAA & AI
Do AI Vendors Need to Sign a BAA? The Answer Is More Complex Than You Think
When BAAs are required for AI tools, when they aren't, what to do when a vendor refuses to sign one, and the gray areas regulators are still working out.
CMMC
CMMC Level 1 vs Level 2: How to Know Which One You Need
The contract-driven decision framework. How to read your contract to determine your CMMC level, what each level requires, and the cost difference.