FedRAMP “Equivalent” Memo released

Must read for anyone with DFARS 252.204-7012 in their contract! FedRAMP equivalent is defined for DFARS 252.204-7012 Summary: FedRAMP Equivalency, as used in DFARS 252.204-7012, means that the cloud provider has been third-party-validated, with a full audit, by a FedRAMP Read More

CMMC Level 2 Self-Assessment Analysis

Our sponsor, Kieri Solutions, has released an in-depth review and analysis of CMMC Level 2 Self-Assessments according to the CMMC Proposed Rule. Not official guidance for CMMC Proposed Rule This paper is for educational purposes and is not authoritative in Read More

Webinar – CMMC Proposed Rule Review

Our sponsor, Kieri Solutions, produced this webinar to review the hottest topics of the CMMC Proposed Rule. Thanks to Vincent Scott, Brian Hubbard, Jil Wright, and Amira Armond (all Certified CMMC Assessors and Instructors) for providing insightful review and commentary! Read More

CMMC Rule links to text (with December 26 content)!

Here are links to the text of the CMMC Proposed Rule: 32 CFR (CMMC Program) Downloadable PDF of Federal Register text (this version has page numbers): https://public-inspection.federalregister.gov/2023-27280.pdf Federal Register home page for CMMC and comments: https://www.federalregister.gov/documents/2023/12/26/2023-27280/cybersecurity-maturity-model-certification-cmmc-program Docket Information (the rule Read More

Is GCC-High required to pass CMMC?

Amira Armond (CMMC Instructor, Certified CMMC Assessor, President Kieri Solutions) answers the question “Is GCC-High required to pass a CMMC assessment?” This is actually an explanation of what the FedRAMP program is and is not. This video is meant for Read More

CMMC News – October 2023 – the DFARS Rule

Rulemaking Timeline for CMMC DFARS Rule The proposed CMMC Rule has been submitted to the Office of Information and Regulatory Affairs. Several groups (mostly cybersecurity professionals) have met with DoD CIO and OIRA to give recommendations for the rule. Most Read More

Why so few Defense contractors are compliant

๐‡๐จ๐ฐ ๐ฅ๐จ๐ง๐  ๐๐จ๐ž๐ฌ ๐ข๐ญ ๐ญ๐š๐ค๐ž ๐š ๐œ๐จ๐ฆ๐ฉ๐š๐ง๐ฒ ๐ญ๐จ ๐ ๐จ ๐›๐š๐ง๐ค๐ซ๐ฎ๐ฉ๐ญ ๐ข๐ญ ๐ฐ๐ก๐ž๐ง ๐œ๐š๐ง’๐ญ ๐ฐ๐ข๐ง ๐ฐ๐จ๐ซ๐ค? One year? Two? Three? Let me tell you a story about how a system of perverse incentives caused our current cybersecurity situation in the Defense Read More

DFARS 252.204-7012 – Part 1, CDI and Covered Info Systems

A guided review of DFARS 252.204-7012 covering the topics: What is a covered contractor information system? What is Covered Defense Information?

CMMC Level 1 certification and preparation (how-to)

If you are reading this article, you are probably the owner of a small DoD contracting company.  You’ve heard something about the CMMC (Cybersecurity Maturity Model Certification) either through your prime contractor or the SBA education office.  You might be Read More

CMMC-AB Regan Edens interview on DFARS, FedRAMP, and AB authority

This interview with Regan Edens (CMMC-AB Chairman of the Standards Management Committee) clarifies clouds and CMMC, FedRAMP, and DFARS questions for Organizations Seeking Certification (OSCs)

Where is the Easy Button for CMMC? Why MSPs may be the solution.

CMMC and DFARS compliance is too expensive for small businesses. This article describes “easy button” solutions such as a CMMC MSP, using …

DFARS 252.204-7012 or 252.204-7021 enforces NIST 800-171 and CMMC

If you are a Defense Contractor that handles Controlled Unclassified Information (CUI), this news is going to be very important for you. DFARS 252.204-7012 Interim Rule Yesterday, the DoD released an interim rule to the Defense Federal Acquisition Rules Supplement Read More

CMMC Glossary, Terms, and Definitions. Who’s who in CMMC

As the CMMC ecosystem grows, it is starting to get hard to track all the key players and concepts. This page is meant as an easy to understand “who’s who” and “what’s what” for the CMMC. This CMMC glossary of Read More

Remote Management & Access Tools for 800-171 and CMMC

A question came up today from a client that has a large remote workforce. “How can my help desk manage end user devices while staying compliant with 800-171 and CMMC?” For example, can we use remote access tools like LogMeIn Read More

DFARS 252.204-7012 controls discussion for CMMC

Why is there a page for DFARS 252.204-7012 on a CMMC website? DFARS 252.204-7012 is a contract requirement for defense contractors that handle or might handle Controlled Unclassified Information (CUI). Unlike the CMMC, DFARS 7012 is currently required and should Read More