CMMC Level 2 Self-Assessment Analysis

Our sponsor, Kieri Solutions, has released an in-depth review and analysis of CMMC Level 2 Self-Assessments according to the CMMC Proposed Rule. Not official guidance for CMMC Proposed Rule This paper is for educational purposes and is not authoritative in Read More

Webinar – CMMC Proposed Rule Review

Our sponsor, Kieri Solutions, produced this webinar to review the hottest topics of the CMMC Proposed Rule. Thanks to Vincent Scott, Brian Hubbard, Jil Wright, and Amira Armond (all Certified CMMC Assessors and Instructors) for providing insightful review and commentary! Read More

Is GCC-High required to pass CMMC?

Amira Armond (CMMC Instructor, Certified CMMC Assessor, President Kieri Solutions) answers the question “Is GCC-High required to pass a CMMC assessment?” This is actually an explanation of what the FedRAMP program is and is not. This video is meant for Read More

Joint Surveillance Assessment – what is it like?

This is an interview with Jose Rojas (TTC) and Ozzie Saeed (IntelliGRC) about their experience being assessed by Kieri Solutions, an Authorized C3PAO, as part of the Joint Surveillance Voluntary assessment program. Other than the obvious congratulations to both of Read More

Why so few Defense contractors are compliant

๐‡๐จ๐ฐ ๐ฅ๐จ๐ง๐  ๐๐จ๐ž๐ฌ ๐ข๐ญ ๐ญ๐š๐ค๐ž ๐š ๐œ๐จ๐ฆ๐ฉ๐š๐ง๐ฒ ๐ญ๐จ ๐ ๐จ ๐›๐š๐ง๐ค๐ซ๐ฎ๐ฉ๐ญ ๐ข๐ญ ๐ฐ๐ก๐ž๐ง ๐œ๐š๐ง’๐ญ ๐ฐ๐ข๐ง ๐ฐ๐จ๐ซ๐ค? One year? Two? Three? Let me tell you a story about how a system of perverse incentives caused our current cybersecurity situation in the Defense Read More

Podcast – increasing the likelihood of passing CMMC assessments

This podcast by Omnistruct features Amira Armond, John Riley, and George Usi. Recorded in May-June 2023. They discuss the basics of CMMC, the “hardest” requirement (FIPS of course), the aspects that contractors have the most difficulty with, and the status Read More

CMMC Scoping for Level 2

This video is provided by Amira Armond and Jil Wright (CMMC Provisional Assessors and Provisional Instructors) from Kieri Solutions, an Authorized C3PAO. Topics discussed in the video are: This content is way more than the CCP course blueprint covers and more in-depth than what is Read More

CMMC Scoping for Level 1

This video is provided by Amira Armond and Jil Wright (CMMC Provisional Assessors and Provisional Instructors) from Kieri Solutions, an Authorized C3PAO. Topics included are: Enjoy, and don’t forget to subscribe to our YouTube channel for lots of other CMMC Read More

Excuses that won’t work for your CMMC assessment

Public Safety Announcement forย #CMMCย and DIBCAC assessments of 800-171 compliance. “My _________ is scheduled to occur in January and we haven’t reached January yet.” – said too many Organizations Seeking Certification Do not try to use this excuse to explain why Read More

Lessons learned from two (three?) DIBCAC assessments

On behalf of CMMCAudit.org, I’m excited to share this interview withย Jake Williamsย about his lessons learned from two DIBCAC assessments of DFARS 252.204-7012 and NIST SP 800-171 compliance. This video is packed with actionable information about what to expect during assessments. Read More

Trends in 800-171 reporting and SPRS scores

Author: Amira Armond, the president of Kieri Solutions – an authorized CMMC Third Party Assessment Organization (C3PAO) providing CMMC assessments, CMMC consulting, and Compliance Documentation packages designed for small/medium business. This graphic depicts my personal experience talking with defense contractors Read More

MSPs and CMMC Compliance

Are you using a Managed Service Provider for your CMMC-compliant information system? Are you a Managed Service Provider with defense contractor clients? This article discusses the risks and pitfalls of having an MSP “in-scope” during your CMMC assessment, and gives Read More

CMMC-AB Jeff Dalton – the CMMC Assessment Process – Part 1

Interview with Jeff Dalton (CMMC-AB) about CMMC assessments. Who is authorized to perform assessments? When should you do a pre-assessment? Can you fix issues found during an assessment?

CMMC Level 1 certification and preparation (how-to)

If you are reading this article, you are probably the owner of a small DoD contracting company.  You’ve heard something about the CMMC (Cybersecurity Maturity Model Certification) either through your prime contractor or the SBA education office.  You might be Read More

Webinar on CMMC Level 1 by the Software Engineering Institute (CMU)

This webinar is a great resource for organizations no matter what CMMC level you expect to need. It is released by Carnegie Mellon University’s Software Engineering Institute. This is the organization that helped the DoD develop the original CMMC model. Read More

Where is the Easy Button for CMMC? Why MSPs may be the solution.

CMMC and DFARS compliance is too expensive for small businesses. This article describes “easy button” solutions such as a CMMC MSP, using …