CMMC Professionals Archives | CMMC Audit Preparation

What are Spot Checks for?

Posted on July 21, 2023July 21, 2023 by Amira Armond

𝐂𝐌𝐌𝐂 𝐀𝐬𝐬𝐞𝐬𝐬𝐦𝐞𝐧𝐭 𝐒𝐩𝐨𝐭 𝐂𝐡𝐞𝐜𝐤𝐬 “𝘐𝘧 𝘤𝘰𝘯𝘵𝘳𝘢𝘤𝘵𝘰𝘳’𝘴 𝘳𝘪𝘴𝘬-𝘣𝘢𝘴𝘦𝘥 𝘴𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘱𝘰𝘭𝘪𝘤𝘪𝘦𝘴, 𝘱𝘳𝘰𝘤𝘦𝘥𝘶𝘳𝘦𝘴, 𝘢𝘯𝘥 𝘱𝘳𝘢𝘤𝘵𝘪𝘤𝘦𝘴 𝘥𝘰𝘤𝘶𝘮𝘦𝘯𝘵𝘢𝘵𝘪𝘰𝘯 𝘰𝘳 𝘰𝘵𝘩𝘦𝘳 𝘧𝘪𝘯𝘥𝘪𝘯𝘨𝘴 𝘳𝘢𝘪𝘴𝘦 𝘲𝘶𝘦𝘴𝘵𝘪𝘰𝘯𝘴 𝘢𝘣𝘰𝘶𝘵 𝘵𝘩𝘦𝘴𝘦 𝘢𝘴𝘴𝘦𝘵𝘴, 𝘵𝘩𝘦 𝘢𝘴𝘴𝘦𝘴𝘴𝘰𝘳 𝘤𝘢𝘯 𝘤𝘰𝘯𝘥𝘶𝘤𝘵 𝘢 𝘭𝘪𝘮𝘪𝘵𝘦𝘥 𝘴𝘱𝘰𝘵 𝘤𝘩𝘦𝘤𝘬 𝘵𝘰 𝘪𝘥𝘦𝘯𝘵𝘪𝘧𝘺 𝘳𝘪𝘴𝘬𝘴. 𝘛𝘩𝘦 𝘭𝘪𝘮𝘪𝘵𝘦𝘥 𝘴𝘱𝘰𝘵 𝘤𝘩𝘦𝘤𝘬(𝘴) 𝘴𝘩𝘢𝘭𝘭 𝘯𝘰𝘵 𝘮𝘢𝘵𝘦𝘳𝘪𝘢𝘭𝘭𝘺 𝘪𝘯𝘤𝘳𝘦𝘢𝘴𝘦 𝘵𝘩𝘦 Read More

Excuses that won’t work for your CMMC assessment

Posted on April 26, 2023April 26, 2023 by Amira Armond

Public Safety Announcement for #CMMC and DIBCAC assessments of 800-171 compliance. “My _________ is scheduled to occur in January and we haven’t reached January yet.” – said too many Organizations Seeking Certification Do not try to use this excuse to explain why Read More

Top 10 “Other than satisfied” 800-171 requirements

Posted on April 25, 2023April 25, 2023 by Amira Armond

At Cloud Security and Compliance Series – CS2 Huntsville, Nick Delrosso’s presentation included the “Top 10 Other Than Satisfied Requirements”. Nick Delrosso represents the DCMA’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) which has been performing cybersecurity assessments on contractors for the Read More

Lessons learned from two (three?) DIBCAC assessments

Posted on April 18, 2023April 18, 2023 by Amira Armond

On behalf of CMMCAudit.org, I’m excited to share this interview with Jake Williams about his lessons learned from two DIBCAC assessments of DFARS 252.204-7012 and NIST SP 800-171 compliance. This video is packed with actionable information about what to expect during assessments. Read More

Policy templates and tools for CMMC and 800-171

Posted on December 16, 2022September 26, 2023 by Amira Armond

This page has links and reviews of available templates and tools relating to the CMMC and NIST SP 800-171 **Updated December 16, 2022** Please help others in the community by leaving a comment with resource links! Defense Industrial Base Cybersecurity Read More

CMMC Annual Compliance Tasks

Posted on December 10, 2022December 10, 2022 by Amira Armond

This article discusses six annual CMMC compliance tasks that are ideal for the quiet holiday season

How to become a CMMC assessor or auditor

Posted on November 18, 2022November 18, 2022 by Amira Armond

The latest information about how to become a CMMC auditor or certifier. Registrations are open for assessors, C3PAOs, and CMMC practitioners…

CMMC 2.0 Scoping Scenarios Analysis

Posted on January 19, 2022June 5, 2022 by Amira Armond

This detailed analysis of the CMMC Scoping Guide for Level 2 is meant for educational purposes only. It discusses 12 common scenarios and gives recommendations for scoping.

Defining authorized – a key concept in CMMC

Posted on July 23, 2021July 23, 2021 by Amira Armond

The term authorized is used across 40 different assessment objectives in the CMMC. Do you know what it means? How do you show it?

C3PAO Authorization Levels Explained

Posted on June 13, 2021June 15, 2021 by Amira Armond

The first CMMC Assessment Organization is “Approved!” But what does that mean, and why is that different from the rest of the C3PAOs?

DFARS 252.204-7012 – Part 1, CDI and Covered Info Systems

Posted on March 5, 2021May 7, 2021 by Amira Armond

A guided review of DFARS 252.204-7012 covering the topics: What is a covered contractor information system? What is Covered Defense Information?

System Security Plan for 800-171 and CMMC

Posted on February 25, 2021March 6, 2023 by Amira Armond

How to video and training on what a System Security Plan is, what it is used for, and what a high quality one looks like!

CAICO and current state of CMMC training – Ben Tchoubineh (CMMC-AB)

Posted on February 12, 2021February 16, 2021 by Amira Armond

This Q&A session with Ben Tchoubineh (CMMC-AB Chair, Training Committee) delves deeply into the CAICO and current state of CMMC training

CMMC Assessment Part 3 – Interview with Jeff Dalton

Posted on February 11, 2021February 14, 2021 by Amira Armond

This is Part 3 of our CMMC Assessment series with Jeff Dalton (the lead trainer of the CMMC Provisional Assessors). Q&A about assessments!

CMMC-AB Jeff Dalton – the CMMC Assessment Process – Part 1

Posted on January 19, 2021February 14, 2021 by Amira Armond

Interview with Jeff Dalton (CMMC-AB) about CMMC assessments. Who is authorized to perform assessments? When should you do a pre-assessment? Can you fix issues found during an assessment?

CMMC Capabilities Discussion Home

Posted on January 4, 2021February 14, 2021 by Amira Armond

This page describes how to find the CMMC requirements, how to interpret them, and how to start preparing for an outside audit. It explains how to read the CMMC document and how your team or an auditor would check each Read More

Conversations from LinkedIn

Posted on December 31, 2020February 15, 2021 by Amira Armond

This page is an index of LinkedIn discussions and posts about CMMC and 800-171. It will be updated over time with new topics.

CMMC-AB Regan Edens interview on DFARS, FedRAMP, and AB authority

Posted on December 30, 2020March 8, 2021 by Amira Armond

This interview with Regan Edens (CMMC-AB Chairman of the Standards Management Committee) clarifies clouds and CMMC, FedRAMP, and DFARS questions for Organizations Seeking Certification (OSCs)

CMMC Level 3 Assessment Guide Webinar and Review

Posted on December 23, 2020February 14, 2021 by Amira Armond

The CMMC Level 3 Assessment Guide is published! Video about how to read and use it. Critical review of the guide by Amira Armond.

CMMC-AB Jeff Dalton Interview #2 – C3PAOs, CAs, Instructors, Ethics

Posted on December 18, 2020February 14, 2021 by Amira Armond

Second interview with Jeff Dalton (CMMC-AB) and Amira Armond (CMMCAudit.org) on the topics of C3PAOs, CAs, Instructors, and Ethics

Registered Practitioner Home

Posted on December 13, 2020November 18, 2022 by Amira Armond

CMMC Registered Practitioner is abbreviated “CMMC RP” The CMMC RP is a person who specializes in helping companies prepare for the CMMC. The CMMC-AB website is the official source of information about the Registered Practitioner Program. Cyber-AB Registered Practitioner Page Read More

CMMC Level 1 Assessment Guide and Review

Posted on December 9, 2020February 14, 2021 by Amira Armond

Video explanation from the authors of the CMMC Level 1 Assessment Guide (CMU-SE), and review by CMMCaudit.org

Answers about C3PAOs, Assessors, and other CMMC Professional questions

Posted on November 25, 2020December 7, 2020 by Amira Armond

Jeff Dalton from the CMMC Accreditation Body Board of Directors was kind enough to provide answers to my burning questions about…

Introducing the CMMC Kill Chain – Zero to full compliance

Posted on October 19, 2020February 14, 2021 by Amira Armond

Author: Tom Cornelius| Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF) Originally published on LinkedIn on October 19, 2020 The concept of creating a “CMMC Kill Chain” started off as a bit of a dare… kind Read More

Review of CMMC Registered Practitioner Training

Posted on September 27, 2020November 18, 2022 by Amira Armond

This is a historical post from September 2020. Information on Registered Practitioners may have changed since then. You have been warned. I just finished the CMMC-AB’s Registered Practitioner training course. We aren’t allowed to reproduce the content, so you won’t Read More

CMMC Glossary, Terms, and Definitions. Who’s who in CMMC

Posted on August 13, 2020December 12, 2022 by Amira Armond

As the CMMC ecosystem grows, it is starting to get hard to track all the key players and concepts. This page is meant as an easy to understand “who’s who” and “what’s what” for the CMMC. This CMMC glossary of Read More