Policy templates and tools for CMMC and 800-171

This page has links and reviews of available templates and tools relating to the CMMC and NIST SP 800-171 **Updated October 23, 2020** Please help others in the community by leaving a comment with resource links! Warning – Assessment / Read More

DFARS 252.204-7012 or 252.204-7021 enforces NIST 800-171 and CMMC

If you are a Defense Contractor that handles Controlled Unclassified Information (CUI), this news is going to be very important for you. DFARS 252.204-7012 Interim Rule Yesterday, the DoD released an interim rule to the Defense Federal Acquisition Rules Supplement Read More

CMMC News Rollup – August 26, 2020

DFARS rule update for CMMC The acquisitions office has proposed an amendment to DFARS 252.204-7012, which is the contract rule that currently requires a high level of cybersecurity for the majority of Defense Contractors. The amendment is expected to replace Read More

When is a conformity assessment not a conformity assessment? (hint – it is CMMC)

Author: Tom Cornelius| Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF) Originally published on LinkedIn on August 13, 2020 This episode of Coffee Thoughts With Tom addresses CMMC as a conformity assessment, since conformity assessments are intended Read More

What is FCI in CMMC and how does it affect scope?

The Cybersecurity Maturity Model Certification references “FCI”.   What is this abbreviation? FCI in CMMC stands for “Federal Contract Information”. FCI is “Information not intended for public release. It is provided by or generated by for the Government under a Read More

CMMC Rollout Status – Taking stock (July 31, 2020)

Editor’s note: This article gives a timely update on the laws and processes governing CMMC enforcement. To this point, there has not been official requirement for CMMC in the Federal Acquisition Regulation (FAR) or Defense Federal Acquisition Regulation Supplement (DFARS). Read More

CMMC news: CMMC AB opens registration for C3PAOs and Assessors

Hello all, The CMMC Accreditation Body has opened new pages on their website to give information about registering as a C3PAO  (Certified Third Party Assessor Organization) and as an Assessor.   They also have information about becoming a ‘registered practitioner’ or Read More

CMMC Level 1 certification and preparation (how-to)

If you are reading this article, you are probably the owner of a small DoD contracting company.  You’ve heard something about the CMMC (Cybersecurity Maturity Model Certification) either through your prime contractor or the SBA education office.  You might be Read More

CMMC PS.2.127 Personnel Screening and US Citizen discussion

The CMMC version 1.0 has the following security requirement. CMMC Personnel Security (PS) PS.2.127 (Level 2) “Screen individuals prior to authorizing access to organizational systems containing CUI.” This is a Level 2 requirement. There are no level 3, 4, or Read More

Remote Management & Access Tools for 800-171 and CMMC

A question came up today from a client that has a large remote workforce. “How can my help desk manage end user devices while staying compliant with 800-171 and CMMC?” For example, can we use remote access tools like LogMeIn Read More