Amira Armond, Author at CMMC Audit Preparation

C3PAO CMMC Level 2 Assessments

Posted on May 10, 2023May 10, 2023 by Amira Armond

On behalf of CMMCAudit.org, I’m excited to share this interview with Kyle Lai about his lessons learned from the CMMC Level 2 assessment performed by DCMA DIBCAC against his C3PAO: KLC Consulting. This video is packed with actionable information about how CMMC Level 2 assessments are performed. We compared and contrasted between the assessment that Read More

CMMC Scoping for Level 2

Posted on May 2, 2023May 2, 2023 by Amira Armond

This video is provided by Amira Armond and Jil Wright (CMMC Provisional Assessors and Provisional Instructors) from Kieri Solutions, an Authorized C3PAO. Topics discussed in the video are: This content is way more than the CCP course blueprint covers and more in-depth than what is normally covered in CCA courses! If you haven’t seen it yet, go watch the CMMC Read More

CMMC Scoping for Level 1

Posted on May 2, 2023May 2, 2023 by Amira Armond

This video is provided by Amira Armond and Jil Wright (CMMC Provisional Assessors and Provisional Instructors) from Kieri Solutions, an Authorized C3PAO. Topics included are: Kieri Solutions is an Authorized C3PAO providing CMMC and 800-171 assessment and preparation services. They offer a unique package of CMMC documentation templates called the Kieri Compliance Documentation (KCD) which Read More

3.6.3 Test the Organizational Incident Response Capability

Posted on April 28, 2023 by Amira Armond

This was originally posted on LinkedIn. Check the original post and community discussion here! On to the next requirement! 3.6.3 𝐓𝐞𝐬𝐭 𝐭𝐡𝐞 𝐨𝐫𝐠𝐚𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧𝐚𝐥 𝐢𝐧𝐜𝐢𝐝𝐞𝐧𝐭 𝐫𝐞𝐬𝐩𝐨𝐧𝐬𝐞 𝐜𝐚𝐩𝐚𝐛𝐢𝐥𝐢𝐭𝐲. This is post #5 in my series analyzing the top ten failed / misunderstood NIST SP 800-171 and #CMMC requirements according to DIBCAC. Incident response testing is the 9th most “other Read More

3.4.1 Establish / Maintain Baseline Configurations

Posted on April 28, 2023April 28, 2023 by Amira Armond

This series reviews the top failed (misunderstood) 800-171 and CMMC requirements. Originally posted on LinkedIn – check the start of series here for community conversation and thoughts! 3.4.1 𝐄𝐬𝐭𝐚𝐛𝐥𝐢𝐬𝐡/𝐦𝐚𝐢𝐧𝐭𝐚𝐢𝐧 𝐛𝐚𝐬𝐞𝐥𝐢𝐧𝐞 𝐜𝐨𝐧𝐟𝐢𝐠𝐮𝐫𝐚𝐭𝐢𝐨𝐧𝐬 This one is both commonly misunderstood and difficult to implement, even though it can be 100% a manual process. First, the requirement language is split into two Read More

Excuses that won’t work for your CMMC assessment

Posted on April 26, 2023April 26, 2023 by Amira Armond

Public Safety Announcement for #CMMC and DIBCAC assessments of 800-171 compliance. “My _________ is scheduled to occur in January and we haven’t reached January yet.” – said too many Organizations Seeking Certification Do not try to use this excuse to explain why you lack evidence for performing an 800-171 requirement! Your assessor will not be sympathetic. What Read More

Top 10 “Other than satisfied” 800-171 requirements

Posted on April 25, 2023April 25, 2023 by Amira Armond

At Cloud Security and Compliance Series – CS2 Huntsville, Nick Delrosso’s presentation included the “Top 10 Other Than Satisfied Requirements”. Nick Delrosso represents the DCMA’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) which has been performing cybersecurity assessments on contractors for the last few years. Top 10 failed… This is the list of the top ten 800-171 Read More

When is a FIPS Validated Module required?

Posted on April 20, 2023April 20, 2023 by Amira Armond

This video from Amira Armond and Jillian Wright (both Kieri Solutions Provisional Assessors and Instructors), explains when FIPS 140-2 validated modules are required to be used by CMMC Level 2 / NIST SP 800-171. It also explains when FIPS is NOT required. Hint: you do not need FIPS for everything. Enjoy! Reference: NIST Cryptographic Module Read More

Lessons learned from two (three?) DIBCAC assessments

Posted on April 18, 2023April 18, 2023 by Amira Armond

On behalf of CMMCAudit.org, I’m excited to share this interview with Jake Williams about his lessons learned from two DIBCAC assessments of DFARS 252.204-7012 and NIST SP 800-171 compliance. This video is packed with actionable information about what to expect during assessments. We compared and contrasted between defense contractor 800-171 assessments and the CMMC assessment that Kieri Read More

CMMC Annual Compliance Tasks

Posted on December 10, 2022December 10, 2022 by Amira Armond

This article discusses six annual CMMC compliance tasks that are ideal for the quiet holiday season

Trends in 800-171 reporting and SPRS scores

Posted on November 30, 2022November 30, 2022 by Amira Armond

Author: Amira Armond, the president of Kieri Solutions – an authorized CMMC Third Party Assessment Organization (C3PAO) providing CMMC assessments, CMMC consulting, and Compliance Documentation packages designed for small/medium business. This graphic depicts my personal experience talking with defense contractors about their 800-171 and CMMC compliance (and what score they entered in SPRS) over the Read More

MSPs and CMMC Compliance

Posted on November 30, 2022November 30, 2022 by Amira Armond

Are you using a Managed Service Provider for your CMMC-compliant information system? Are you a Managed Service Provider with defense contractor clients? This article discusses the risks and pitfalls of having an MSP “in-scope” during your CMMC assessment, and gives tips for a better experience. This article is provided by our sponsor, Kieri Solutions, an authorized Read More

Are you ready for CMMC Assessment?

Posted on November 18, 2022November 18, 2022 by Amira Armond

This article is provided by our sponsor, Kieri Solutions, an authorized CMMC Third Party Assessment Organization (C3PAO). Kieri Solutions provides assessment services, high-quality CMMC consulting, and an easy to use compliance documentation package geared toward small and medium businesses. CMMC assessments are expensive! Don’t volunteer for assessment if you won’t pass. This article describes 11 Read More

CMMC Scope – are you ready for an assessment?

Posted on November 18, 2022November 18, 2022 by Amira Armond

This article gives examples and explanations of how to identify your CMMC scope to an assessor when you are planning…

CMMC 2.0 Scoping Scenarios Analysis

Posted on January 19, 2022June 5, 2022 by Amira Armond

This detailed analysis of the CMMC Scoping Guide for Level 2 is meant for educational purposes only. It discusses 12 common scenarios and gives recommendations for scoping.

CMMC 2.0 is here – what changes in CMMC?

Posted on November 4, 2021November 9, 2021 by Amira Armond

CMMC 2.0 is released, what changes? This article is being updated as more information comes out. The DoD just announced major…

Does CMMC enforce FedRAMP and other CUI protections?

Posted on September 4, 2021September 4, 2021 by Amira Armond

Will CMMC assessors stick to just the CMMC requirements or will they review your compliance to CUI-specified handling and other regulations?

Defining authorized – a key concept in CMMC

Posted on July 23, 2021July 23, 2021 by Amira Armond

The term authorized is used across 40 different assessment objectives in the CMMC. Do you know what it means? How do you show it?

The underestimated .998’s – procedure requirements for CMMC

Posted on July 11, 2021July 12, 2021 by Amira Armond

CMMC Level 3 wants procedures, AKA the 998 requirements, but what does that actually mean? And what is necessary to pass?

CMMC News – July 2, 2021

Posted on July 2, 2021July 5, 2021 by Amira Armond

CMMC News rollup for July 2, 2021. Town hall recap. Industry Advisory Council review. C3PAO Stakeholder Forum, and other…

Is CMMC dead? Why the delays?

Posted on June 14, 2021June 15, 2021 by Amira Armond

Concerns that CMMC is “dead” were recently buoyed by DoD spokespeople no longer participating in…

C3PAO Authorization Levels Explained

Posted on June 13, 2021June 15, 2021 by Amira Armond

The first CMMC Assessment Organization is “Approved!” But what does that mean, and why is that different from the rest of the C3PAOs?

CMMC News – May 30, 2021

Posted on May 30, 2021May 30, 2021 by Amira Armond

Current status of CMMC such as the schedule for CMMC scoping guidance, DFARS final rule. The Space Force contract that requires CMMC Level 3…

CMMC News – April 24, 2021

Posted on April 25, 2021April 25, 2021 by Amira Armond

CMMC news about inheriting cybersecurity from cloud providers, C3PAOs moved to “candidate” status, the next Town Hall meeting, the DFARS Final Rule coming out in May…

Top 5 misconceptions about building a CMMC Level 3 network

Posted on April 13, 2021April 25, 2021 by Amira Armond

Almost every defense contractor makes one or more of these design errors when they start building their CMMC Level 3 network

CMMC News – March 22, 2021

Posted on March 22, 2021April 5, 2021 by Amira Armond

Hello all, here is the news from the last few weeks. Not a whole lot going on in public or officially, but it feels like we are getting close to some major milestones. CMMC Town Hall from February https://cmmcab.org/videos/cmmc-town-hall-february-2021/ According to last month’s CMMC Town Hall, the DoD is actively working on defining scope. OT Read More

Author: Amira Armond