This video is provided by Amira Armond and Jil Wright (CMMC Provisional Assessors and Provisional Instructors) from Kieri Solutions, an Authorized C3PAO. Topics discussed in the video are: This content is way more than the CCP course blueprint covers and more in-depth than what is …
Category: CMMC Technical Practices
CMMC Scoping for Level 1
This video is provided by Amira Armond and Jil Wright (CMMC Provisional Assessors and Provisional Instructors) from Kieri Solutions, an Authorized C3PAO. Topics included are: Kieri Solutions is an Authorized C3PAO providing CMMC and 800-171 assessment and preparation services. They …
3.6.3 Test the Organizational Incident Response Capability
This was originally posted on LinkedIn. Check the original post and community discussion here! On to the next requirement! 3.6.3 Test the organizational incident response capability. This is post #5 in my series analyzing the top ten failed / misunderstood …
3.4.1 Establish / Maintain Baseline Configurations
This series reviews the top failed (misunderstood) 800-171 and CMMC requirements. Originally posted on LinkedIn – check the start of series here for community conversation and thoughts! 3.4.1 Establish/maintain baseline configurations. This one is both commonly misunderstood and difficult to implement, even though …
Top 10 “Other than satisfied” 800-171 requirements
At Cloud Security and Compliance Series – CS2 Huntsville, Nick Delrosso’s presentation included the “Top 10 Other Than Satisfied Requirements”. Nick Delrosso represents the DCMA’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), which has been performing cybersecurity assessments on contractors for the …
When is a FIPS Validated Module required?
This video from Amira Armond and Jillian Wright (both Kieri Solutions Provisional Assessors and Instructors) explains when FIPS 140-2 validated modules are required to be used by CMMC Level 2 / NIST SP 800-171. It also explains when FIPS is …
Policy templates and tools for CMMC and 800-171
This page has links and reviews of available templates and tools relating to the CMMC and NIST SP 800-171. **Updated December 16, 2022.** Please help others in the community by leaving a comment with resource links! Defense Industrial Base Cybersecurity …
CMMC Annual Compliance Tasks
This article discusses six annual CMMC compliance tasks that are ideal for the quiet holiday season
CMMC Scope – are you ready for an assessment?
This article gives examples and explanations of how to identify your CMMC scope to an assessor when you are planning…
CMMC, CUI, and Cloud Vendors – do you need FedRAMP?
Achieving Cloud Compliance in the Age of CMMC, CUI, and DFARS 7012: How secure are your cloud vendors?
CMMC 2.0 Scoping Scenarios Analysis
This detailed analysis of the CMMC Scoping Guide for Level 2 is meant for educational purposes only. It discusses 12 common scenarios and gives recommendations for scoping.
Does CMMC enforce FedRAMP and other CUI protections?
Will CMMC assessors stick to just the CMMC requirements or will they review your compliance to CUI-specified handling and other regulations?
Defining authorized – a key concept in CMMC
The term authorized is used across 40 different assessment objectives in the CMMC. Do you know what it means? How do you show it?
The underestimated .998’s – procedure requirements for CMMC
CMMC Level 3 wants procedures, AKA the 998 requirements, but what does that actually mean? And what is necessary to pass?
Top 5 misconceptions about building a CMMC Level 3 network
Almost every defense contractor makes one or more of these design errors when they start building their CMMC Level 3 network
CMMC Assessment Part 3 – Interview with Jeff Dalton
This is Part 3 of our CMMC Assessment series with Jeff Dalton (the lead trainer of the CMMC Provisional Assessors). Q&A about assessments!
CMMC-AB Jeff Dalton – the CMMC Assessment Process – Part 2
Second interview with Jeff Dalton (CMMC-AB) about the CMMC assessment process. Topics relevant to every defense contractor, non-technical.
CMMC practice deep dives: SC.1.175
This article is a deep-dive on CMMC practice SC.1.175 which requires control and monitoring of communications at external boundaries and…
CMMC Compliance FAQs – Organizations seeking certification
This article is provided by Kieri Solutions, an Authorized CMMC Third Party Assessment Organization, offering CMMC assessment services. Thanks to them for sharing some of the secret sauce! This article is meant to provide short explanations on topics that are …
CMMC Level 1 certification and preparation (how-to)
If you are reading this article, you are probably the owner of a small DoD contracting company. You’ve heard something about the CMMC (Cybersecurity Maturity Model Certification) either through your prime contractor or the SBA education office. You might be …
CMMC Capabilities Discussion Home
This page describes how to find the CMMC requirements, how to interpret them, and how to start preparing for an outside audit. It explains how to read the CMMC document and how your team or an auditor would check each …
Conversations from LinkedIn
This page is an index of LinkedIn discussions and posts about CMMC and 800-171. It will be updated over time with new topics.
CMMC-AB Regan Edens interview on DFARS, FedRAMP, and AB authority
This interview with Regan Edens (CMMC-AB Chairman of the Standards Management Committee) clarifies clouds and CMMC, FedRAMP, and DFARS questions for Organizations Seeking Certification (OSCs)
CMMC Level 3 Assessment Guide Webinar and Review
The CMMC Level 3 Assessment Guide is published! Video about how to read and use it. Critical review of the guide by Amira Armond.
CMMC Level 1 Assessment Guide and Review
Video explanation from the authors of the CMMC Level 1 Assessment Guide (CMU-SE), and review by CMMCaudit.org
CMMC RM.2.142 Scan for vulnerabilities in organizational systems
This article is an in-depth review of the CMMC Level 2 Requirement RM.2.142 on the topic of vulnerability scanning. I break out frequently asked questions and reference other requirements that are related to vulnerability scanning. This requirement also applies to current DFARS 252.204-7012 and NIST SP 800-171 organizations that hold CUI
Webinar on CMMC Level 1 by the Software Engineering Institute (CMU)
This webinar is a great resource for organizations no matter what CMMC level you expect to need. It is released by Carnegie Mellon University’s Software Engineering Institute. This is the organization that helped the DoD develop the original CMMC model. …
Where is the Easy Button for CMMC? Why MSPs may be the solution.
CMMC and DFARS compliance is too expensive for small businesses. This article describes “easy button” solutions such as a CMMC MSP, using …
Address 19 CMMC Practices with Cybersecurity Training
This article gives advice on how a quality cyber-awareness training program helps your organization meet 19+ CMMC practice requirements
CMMC ML.2.999 Developing an effective CMMC Policy
This webinar is published by Carnegie Mellon University’s Software Engineering Institute (SEI) – the co-authors of the CMMC Model. Their guidance about the CMMC should be considered authoritative. At CMMC level 2 and above, organizations are expected to have policies …