Amira Armond from Kieri Solutions – Authorized C3PAO, and Bobby Guerra from Axiom.tech talk about CMMC scoping. Topics discussed: This podcast by Climbing Mount CMMC is oriented toward education for Managed Services Providers who support clients in the Defense Industrial Read More
Category: CMMC Technical Practices
NCDMM one of first companies to get “110” JSVA
What it is like to be CMMC assessed by Kieri Solutions? Want to learn about the great work that National Center for Defense Manufacturing & Machining (NCDMM) is doing with over 200 Alliance Partners? Check out this interview with Jason Read More
Top 5 misconceptions about building a CMMC Level 2 network
Almost every defense contractor makes one or more of these design errors when they start building their CMMC Level 3 network
Policy templates and tools for CMMC and 800-171
This page has links and reviews of available templates and tools relating to the CMMC and NIST SP 800-171 **Updated April 3, 2024** Please help others in the community by leaving a comment with resource links! Policies Templates Kieri Compliance Read More
When do you need a new assessment? What can change?
Information systems are constantly changing. Especially if they are functional, production systems, supporting real use. Workstations and servers break. Technology becomes obsolete. New solutions are implemented in response to changing functional requirements. One thing we don’t know, in the CMMC Read More
How the secret sauce is made – one practice, one hour
How does a defense contractor create a plan to perform each requirement in CMMC and NIST SP 800-171? Will you fail if you don’t write policy statements which regurgitate each requirement in a ‘shall” form? AKA “???????????? ???????? ??? ??? Read More
What does “monitor” mean in CMMC?
Logan Therrien and Amira Armond from Kieri Solutions (an Authorized C3PAO) discuss the concept of monitoring and how it is evaluated by CMMC assessors. Several assessment objectives in CMMC Level 2 require monitoring. ? the physical facility where organizational systems Read More
3.13.11 FIPS 140-2 Validated Cryptography
It is time, finally, to talk about the #1 “Other than Satisfied” requirement in 800-171, per historic DIBCAC assessments. ? ? ? ???? 140-2 ????????? ??????? ? ? ? Listen up – I’m going to tell you how to succeed Read More
3.5.3 Multifactor Authentication
Multifactor Authentication: #2 of the top 10 “Other than Satisfied Requirements” for 800-171 assessments by DIBCAC. ??? ??????????? ?????????????? ??? ????? ??? ??????? ?????? ?? ?????????? ???????? ??? ??? ??????? ?????? ?? ???-?????????? ????????. My theory is that most of Read More
3.14.1 Identify, report, correct system flaws
Continuing the Top 10 “Other than Satisfied Requirements” for 800-171 assessments by DIBCAC. “????????, ??????, ??? ??????? ??????????? ??? ??????????? ?????? ????? ?? ? ?????? ??????.” This is the third most “Other than Satisfied” requirement. 3.14.1 is both misunderstood and Read More
3.11.1 Periodically assess the risk to organizational operations
3.11.1 ???????????? ?????? ????…This is the fourth-most “Other than satisfied” #CMMC requirement. Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or Read More
3.11.2 Scan for Vulnerabilities
Scan for vulnerabilities….This the fifth-most “Other than satisfied” #CMMC requirement with an 18% fail rate. 3.11.2 ???? ??? ??????????????? ?? ?????????????? ??????? ??? ???????????? ???????????? ??? ???? ??? ??????????????? ????????? ????? ??????? ??? ???????????? ??? ??????????. “?????????????? ???????”…This is an example of Read More
3.3.3 Review and Update Logged Events
This is #6 in the series of most common failed requirements as assessed by the DoD’s Cyber Assessment Center. This requirement is another example of misunderstanding == failing (alongside the other top 10 requirements). Most people do not understand what Read More
3.3.4 Audit Logging Process Failure
Continuing the Top 10 Failed Requirements for 800-171! Onward to #7: 3.3.4 “????? ?? ??? ????? ?? ?? ????? ??????? ??????? ???????.” Sit with me while I tell a story… ?? ???????????? ????????? ???? ???? ???? ???????? ??????? ?????????? ??????? Read More
3.3.5 Correlate Audit Processes
NIST SP 800-171 3.3.5 ????????? ????? ?????? ??????, ????????, ??? ????????? ????????? ??? ????????????? ??? ???????? ?? ??????????? ?? ????????, ????????????, ??????????, ?? ??????? ????????. This is the 8th most likely requirement to be “other than satisfied” by defense contractors, according Read More
CMMC Scoping for Level 2
This video is provided by Amira Armond and Jil Wright (CMMC Provisional Assessors and Provisional Instructors) from Kieri Solutions, an Authorized C3PAO. Topics discussed in the video are: This content is way more than the CCP course blueprint covers and more in-depth than what is Read More
CMMC Scoping for Level 1
This video is provided by Amira Armond and Jil Wright (CMMC Provisional Assessors and Provisional Instructors) from Kieri Solutions, an Authorized C3PAO. Topics included are: Enjoy, and don’t forget to subscribe to our YouTube channel for lots of other CMMC Read More
3.6.3 Test the Organizational Incident Response Capability
This was originally posted on LinkedIn. Check the original post and community discussion here! On to the next requirement! 3.6.3 ???? ??? ?????????????? ???????? ???????? ??????????. This is post #5 in my series analyzing the top ten failed / misunderstood Read More
3.4.1 Establish / Maintain Baseline Configurations
This series reviews the top failed (misunderstood) 800-171 and CMMC requirements. Originally posted on LinkedIn – check the start of series here for community conversation and thoughts! 3.4.1 ?????????/???????? ???????? ?????????????? This one is both commonly misunderstood and difficult to implement, even though Read More
Top 10 “Other than satisfied” 800-171 requirements
At Cloud Security and Compliance Series – CS2 Huntsville, Nick Delrosso’s presentation included the “Top 10 Other Than Satisfied Requirements”. Nick Delrosso represents the DCMA’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) which has been performing cybersecurity assessments on contractors for the Read More
When is a FIPS Validated Module required?
This video from Amira Armond and Jillian Wright (both Kieri Solutions Provisional Assessors and Instructors), explains when FIPS 140-2 validated modules are required to be used by CMMC Level 2 / NIST SP 800-171. It also explains when FIPS is Read More
CMMC Annual Compliance Tasks
This article discusses six annual CMMC compliance tasks that are ideal for the quiet holiday season
CMMC Scope – are you ready for an assessment?
This article gives examples and explanations of how to identify your CMMC scope to an assessor when you are planning…
CMMC, CUI, and Cloud Vendors – do you need FedRAMP?
Achieving Cloud Compliance in the Age of CMMC, CUI, and DFARS 7012: How secure are your cloud vendors?
CMMC 2.0 Scoping Scenarios Analysis
This detailed analysis of the CMMC Scoping Guide for Level 2 is meant for educational purposes only. It discusses 12 common scenarios and gives recommendations for scoping.
Does CMMC enforce FedRAMP and other CUI protections?
Will CMMC assessors stick to just the CMMC requirements or will they review your compliance to CUI-specified handling and other regulations?
Defining authorized – a key concept in CMMC
The term authorized is used across 40 different assessment objectives in the CMMC. Do you know what it means? How do you show it?
The underestimated .998’s – procedure requirements for CMMC
CMMC Level 3 wants procedures, AKA the 998 requirements, but what does that actually mean? And what is necessary to pass?
CMMC Assessment Part 3 – Interview with Jeff Dalton
This is Part 3 of our CMMC Assessment series with Jeff Dalton (the lead trainer of the CMMC Provisional Assessors). Q&A about assessments!
CMMC-AB Jeff Dalton – the CMMC Assessment Process – Part 2
Second interview with Jeff Dalton (CMMC-AB) about the CMMC assessment process. Topics relevant to every defense contractor, non-technical.