This post was originally written in September 2020. It was updated in July 2024. In September 2020, I took the Cyber-AB’s Registered Practitioner training course. We aren’t allowed to reproduce the content, so you won’t learn any secrets from me, Read More
Category: CMMC Professionals
How to become a CMMC assessor or auditor
The latest information about how to become a CMMC auditor or certifier. Registrations are open for assessors, C3PAOs, and CMMC practitioners…
Policy templates and tools for CMMC and 800-171
This page has links and reviews of available templates and tools relating to the CMMC and NIST SP 800-171 **Updated April 3, 2024** Please help others in the community by leaving a comment with resource links! Policies Templates Kieri Compliance Read More
What is “Certified” as the result of assessment??
What exactly is “certified” when you go through a CMMC or Joint Surveillance assessment, or when you self-assess your environment and report it to the DoD? What does it mean when you want to bid on contracts using this certification? Read More
CMMC assessment? Don’t let pride take you down
Getting CMMC assessed? Some advice.. Listen to your assessor If we say that your evidence isn’t related to the requirement being inspected, or especially the critical words “I think you have misinterpreted this requirement”, instead of getting mad, take a Read More
FedRAMP “Equivalent” Memo released
Must read for anyone with DFARS 252.204-7012 in their contract! FedRAMP equivalent is defined for DFARS 252.204-7012 Summary: FedRAMP Equivalency, as used in DFARS 252.204-7012, means that the cloud provider has been third-party-validated, with a full audit, by a FedRAMP Read More
CMMC Level 2 Self-Assessment Analysis
Our sponsor, Kieri Solutions, has released an in-depth review and analysis of CMMC Level 2 Self-Assessments according to the CMMC Proposed Rule. Not official guidance for CMMC Proposed Rule This paper is for educational purposes and is not authoritative in Read More
How the secret sauce is made – one practice, one hour
How does a defense contractor create a plan to perform each requirement in CMMC and NIST SP 800-171? Will you fail if you don’t write policy statements which regurgitate each requirement in a ‘shall” form? AKA “???????????? ???????? ??? ??? Read More
What are Spot Checks for?
???? ?????????? ???? ?????? “?? ??????????’? ????-????? ???????? ????????, ??????????, ??? ????????? ????????????? ?? ????? ???????? ????? ????????? ????? ????? ??????, ??? ???????? ??? ??????? ? ??????? ???? ????? ?? ???????? ?????. ??? ??????? ???? ?????(?) ????? ??? ?????????? ???????? ??? Read More
Excuses that won’t work for your CMMC assessment
Public Safety Announcement for #CMMC and DIBCAC assessments of 800-171 compliance. “My _________ is scheduled to occur in January and we haven’t reached January yet.” – said too many Organizations Seeking Certification Do not try to use this excuse to explain why Read More
Top 10 “Other than satisfied” 800-171 requirements
At Cloud Security and Compliance Series – CS2 Huntsville, Nick Delrosso’s presentation included the “Top 10 Other Than Satisfied Requirements”. Nick Delrosso represents the DCMA’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) which has been performing cybersecurity assessments on contractors for the Read More
Lessons learned from two (three?) DIBCAC assessments
On behalf of CMMCAudit.org, I’m excited to share this interview with Jake Williams about his lessons learned from two DIBCAC assessments of DFARS 252.204-7012 and NIST SP 800-171 compliance. This video is packed with actionable information about what to expect during assessments. Read More
CMMC Annual Compliance Tasks
This article discusses six annual CMMC compliance tasks that are ideal for the quiet holiday season
CMMC 2.0 Scoping Scenarios Analysis
This detailed analysis of the CMMC Scoping Guide for Level 2 is meant for educational purposes only. It discusses 12 common scenarios and gives recommendations for scoping.
Defining authorized – a key concept in CMMC
The term authorized is used across 40 different assessment objectives in the CMMC. Do you know what it means? How do you show it?
C3PAO Authorization Levels Explained
The first CMMC Assessment Organization is “Approved!” But what does that mean, and why is that different from the rest of the C3PAOs?
DFARS 252.204-7012 – Part 1, CDI and Covered Info Systems
A guided review of DFARS 252.204-7012 covering the topics: What is a covered contractor information system? What is Covered Defense Information?
System Security Plan for 800-171 and CMMC
How to video and training on what a System Security Plan is, what it is used for, and what a high quality one looks like!
CAICO and current state of CMMC training – Ben Tchoubineh (CMMC-AB)
This Q&A session with Ben Tchoubineh (CMMC-AB Chair, Training Committee) delves deeply into the CAICO and current state of CMMC training
CMMC Assessment Part 3 – Interview with Jeff Dalton
This is Part 3 of our CMMC Assessment series with Jeff Dalton (the lead trainer of the CMMC Provisional Assessors). Q&A about assessments!
CMMC-AB Jeff Dalton – the CMMC Assessment Process – Part 1
Interview with Jeff Dalton (CMMC-AB) about CMMC assessments. Who is authorized to perform assessments? When should you do a pre-assessment? Can you fix issues found during an assessment?
CMMC Capabilities Discussion Home
This page describes how to find the CMMC requirements, how to interpret them, and how to start preparing for an outside audit. It explains how to read the CMMC document and how your team or an auditor would check each Read More
Conversations from LinkedIn
This page is an index of LinkedIn discussions and posts about CMMC and 800-171. It will be updated over time with new topics.
CMMC-AB Regan Edens interview on DFARS, FedRAMP, and AB authority
This interview with Regan Edens (CMMC-AB Chairman of the Standards Management Committee) clarifies clouds and CMMC, FedRAMP, and DFARS questions for Organizations Seeking Certification (OSCs)
CMMC Level 3 Assessment Guide Webinar and Review
The CMMC Level 3 Assessment Guide is published! Video about how to read and use it. Critical review of the guide by Amira Armond.
CMMC-AB Jeff Dalton Interview #2 – C3PAOs, CAs, Instructors, Ethics
Second interview with Jeff Dalton (CMMC-AB) and Amira Armond (CMMCAudit.org) on the topics of C3PAOs, CAs, Instructors, and Ethics
Registered Practitioner Home
CMMC Registered Practitioner is abbreviated “CMMC RP” The CMMC RP is a person who pays $500 a year to the Cyber-AB to be advertised as someone who can help companies prepare for the CMMC. Here are the benefits of working Read More
CMMC Level 1 Assessment Guide and Review
Video explanation from the authors of the CMMC Level 1 Assessment Guide (CMU-SE), and review by CMMCaudit.org
Answers about C3PAOs, Assessors, and other CMMC Professional questions
Jeff Dalton from the CMMC Accreditation Body Board of Directors was kind enough to provide answers to my burning questions about…
Introducing the CMMC Kill Chain – Zero to full compliance
Author: Tom Cornelius| Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF) Originally published on LinkedIn on October 19, 2020 The concept of creating a “CMMC Kill Chain” started off as a bit of a dare… kind Read More