Interview with Jeff Dalton (CMMC-AB) about CMMC assessments. Who is authorized to perform assessments? When should you do a pre-assessment? Can you fix issues found during an assessment?
CMMC news for January 5, 2021. C3PAOs need FedRAMP High clouds. Assessment Guides > Appendixes. Congress mandates CMMC assessments against…
This page is an index of LinkedIn discussions and posts about CMMC and 800-171. It will be updated over time with new topics.
This interview with Regan Edens (CMMC-AB Chairman of the Standards Management Committee) clarifies clouds and CMMC, FedRAMP, and DFARS questions for Organizations Seeking Certification (OSCs)
The CMMC Level 3 Assessment Guide is published! Video about how to read and use it. Critical review of the guide by Amira Armond.
Second interview with Jeff Dalton (CMMC-AB) and Amira Armond (CMMCAudit.org) on the topics of C3PAOs, CAs, Instructors, and Ethics
Video explanation from the authors of the CMMC Level 1 Assessment Guide (CMU-SE), and review by CMMCaudit.org
This article is an in-depth review of the CMMC Level 2 Requirement RM.2.142 on the topic of vulnerability scanning. I break out frequently asked questions and reference other requirements that are related to vulnerability scanning. This requirement also applies to current DFARS 252.204-7012 and NIST SP 800-171 organizations that hold CUI
Jeff Dalton from the CMMC Accreditation Body Board of Directors was kind enough to provide answers to my burning questions about…
This webinar is a great resource for organizations no matter what CMMC level you expect to need. It is released by Carnegie Mellon University’s Software Engineering Institute. This is the organization that helped the DoD develop the original CMMC model. Read More
Hello all, Lots of different topics in this news article. I hope they help you! – Amira Armond Registered Practitioners and RPOs are official! The CMMC-AB started releasing badges to Registered Practitioners on November 17th. If you are a Registered Read More
CMMC and DFARS compliance is too expensive for small businesses. This article describes “easy button” solutions such as a CMMC MSP, using …
Answers to common questions about how to submit your NIST SP 800-171 self assessment to SPRS. Register an account, how to handle multiple…
Hello all, Here are the latest third party articles and topics regarding CMMC, DFARS, and NIST 800-171 compliance. Best of luck in your compliance journey! – Amira DFARS 7012 , 7019, 7020 DoD Self Assessments Due This list has some Read More
In-depth article about CMMC basics such as where it came from, what purpose it is trying to achieve, timeframe for rollout, and…
This article gives advice on how a quality cyber-awareness training program helps your organization meet 19+ CMMC practice requirements
This webinar is published by Carnegie Mellon University’s Software Engineering Institute (SEI) – the co-authors of the CMMC Model. Their guidance about the CMMC should be considered authoritative. At CMMC level 2 and above, organizations are expected to have policies Read More
Author: Tom Cornelius| Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF) Originally published on LinkedIn on October 19, 2020 The concept of creating a “CMMC Kill Chain” started off as a bit of a dare… kind Read More
This video from Carnegie Mellon Software Engineering Institute (co-authors of the CMMC Model) discusses CMMC Level 4 Maturity. The specific topic is CMMC requirement ML.4.996 “Review and measure [DOMAIN NAME] activities for effectiveness” SEI Blog: https://insights.sei.cmu.edu/sei_blog/cybersecurity-maturity-model-certification-cmmc/
Why is there a page for DFARS 252.204-7012 on a CMMC website? DFARS 252.204-7012 is a contract requirement for defense contractors that handle or might handle Controlled Unclassified Information (CUI). Unlike the CMMC, DFARS 7012 is currently required and should Read More
Why is there a page for NIST SP 800-171 on a CMMC website? The NIST standard, as described in a document named “NIST Special Publication 800-171” is a set of 110 security best practices that are CURRENTLY required for all Read More