This detailed analysis of the CMMC Scoping Guide for Level 2 is meant for educational purposes only. It discusses 12 common scenarios and gives recommendations for scoping.
This article gives examples and explanations of how to identify your CMMC scope to an assessor when you are planning…
Will CMMC assessors stick to just the CMMC requirements or will they review your compliance to CUI-specified handling and other regulations?
The term authorized is used across 40 different assessment objectives in the CMMC. Do you know what it means? How do you show it?
CMMC Level 3 wants procedures, AKA the 998 requirements, but what does that actually mean? And what is necessary to pass?
Achieving Cloud Compliance in the Age of CMMC, CUI, and DFARS 7012: How secure are your cloud vendors?
Almost every defense contractor makes one or more of these design errors when they start building their CMMC Level 3 network
This is Part 3 of our CMMC Assessment series with Jeff Dalton (the lead trainer of the CMMC Provisional Assessors). Q&A about assessments!
This page has links and reviews of available templates and tools relating to the CMMC and NIST SP 800-171 **Updated February 10, 2021** Please help others in the community by leaving a comment with resource links! Warning – Assessment / Read More
Second interview with Jeff Dalton (CMMC-AB) about the CMMC assessment process. Topics relevant to every defense contractor, non-technical.
This article is a deep-dive on CMMC practice SC.1.175 which requires control and monitoring of communications at external boundaries and…
This article is provided by Kieri Solutions, a CMMC C3PAO candidate. Thanks to them for sharing some of the secret sauce! This article is meant to provide short explanations on topics that are commonly misunderstood (and not performed correctly) by Read More
If you are reading this article, you are probably the owner of a small DoD contracting company. You’ve heard something about the CMMC (Cybersecurity Maturity Model Certification) either through your prime contractor or the SBA education office. You might be Read More
This page describes how to find the CMMC requirements, how to interpret them, and how to start preparing for an outside audit. It explains how to read the CMMC document and how your team or an auditor would check each Read More
This page is an index of LinkedIn discussions and posts about CMMC and 800-171. It will be updated over time with new topics.
This interview with Regan Edens (CMMC-AB Chairman of the Standards Management Committee) clarifies clouds and CMMC, FedRAMP, and DFARS questions for Organizations Seeking Certification (OSCs)
The CMMC Level 3 Assessment Guide is published! Video about how to read and use it. Critical review of the guide by Amira Armond.
Video explanation from the authors of the CMMC Level 1 Assessment Guide (CMU-SE), and review by CMMCaudit.org
This article is an in-depth review of the CMMC Level 2 Requirement RM.2.142 on the topic of vulnerability scanning. I break out frequently asked questions and reference other requirements that are related to vulnerability scanning. This requirement also applies to current DFARS 252.204-7012 and NIST SP 800-171 organizations that hold CUI
This webinar is a great resource for organizations no matter what CMMC level you expect to need. It is released by Carnegie Mellon University’s Software Engineering Institute. This is the organization that helped the DoD develop the original CMMC model. Read More
CMMC and DFARS compliance is too expensive for small businesses. This article describes “easy button” solutions such as a CMMC MSP, using …
This article gives advice on how a quality cyber-awareness training program helps your organization meet 19+ CMMC practice requirements
This webinar is published by Carnegie Mellon University’s Software Engineering Institute (SEI) – the co-authors of the CMMC Model. Their guidance about the CMMC should be considered authoritative. At CMMC level 2 and above, organizations are expected to have policies Read More
Author: Tom Cornelius| Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF) Originally published on LinkedIn on October 19, 2020 The concept of creating a “CMMC Kill Chain” started off as a bit of a dare… kind Read More
This video from Carnegie Mellon Software Engineering Institute (co-authors of the CMMC Model) discusses CMMC Level 4 Maturity. The specific topic is CMMC requirement ML.4.996 “Review and measure [DOMAIN NAME] activities for effectiveness” SEI Blog: https://insights.sei.cmu.edu/sei_blog/cybersecurity-maturity-model-certification-cmmc/
As the CMMC ecosystem grows, it is starting to get hard to track all the key players and concepts. This page is meant as an easy to understand “who’s who” and “what’s what” for the CMMC. This CMMC glossary of Read More
The CMMC version 1.0 has the following security requirement. CMMC Personnel Security (PS) PS.2.127 (Level 2) “Screen individuals prior to authorizing access to organizational systems containing CUI.” This is a Level 2 requirement. There are no level 3, 4, or Read More
As promised, the Cybersecurity Maturity Model Certification (CMMC) version 1.0 was released to the public on January 31, 2020. The document should be stable at this point. Cybersecurity leads for defense contractors need to read through it as soon as Read More
A question came up today from a client that has a large remote workforce. “How can my help desk manage end user devices while staying compliant with 800-171 and CMMC?” For example, can we use remote access tools like LogMeIn Read More