Address 19 CMMC Practices with Cybersecurity Training

This article is a re-post (with some modifications) with permission from Native Intelligence’s blog. Native Intelligence is a provider of security awareness materials such as training courses and motivational items (check out their security awareness-themed fortune cookies!) CMMC and Cyber

CMMC ML.2.999 Developing an effective CMMC Policy

This webinar is published by Carnegie Mellon University’s Software Engineering Institute (SEI) – the co-authors of the CMMC Model. Their guidance about the CMMC should be considered authoritative. At CMMC level 2 and above, organizations are expected to have policies

Introducing the CMMC Kill Chain – Zero to full compliance

Author: Tom Cornelius | Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF). Originally published on LinkedIn on October 19, 2020. The concept of creating a “CMMC Kill Chain” started off as a bit of a dare… kind

CMMC Level 4 – Discussion on Process Maturity – ML.4.996

This video from Carnegie Mellon Software Engineering Institute (co-authors of the CMMC Model) discusses CMMC Level 4 Maturity. The specific topic is CMMC requirement ML.4.996, “Review and measure [DOMAIN NAME] activities for effectiveness”. SEI Blog: https://insights.sei.cmu.edu/sei_blog/cybersecurity-maturity-model-certification-cmmc/

Policy templates and tools for CMMC and 800-171

This page has links and reviews of available templates and tools relating to the CMMC and NIST SP 800-171. **Updated October 23, 2020** Please help others in the community by leaving a comment with resource links! Warning – Assessment /

DFARS 252.204-7012 or 252.204-7021 enforces NIST 800-171 and CMMC

If you are a Defense Contractor that handles Controlled Unclassified Information (CUI), this news is going to be very important for you. DFARS 252.204-7012 Interim Rule Yesterday, the DoD released an interim rule to the Defense Federal Acquisition Rules Supplement

CMMC News Rollup – August 26, 2020

DFARS rule update for CMMC The acquisitions office has proposed an amendment to DFARS 252.204-7012, which is the contract rule that currently requires a high level of cybersecurity for the majority of Defense Contractors. The amendment is expected to replace

When is a conformity assessment not a conformity assessment? (hint – it is CMMC)

Author: Tom Cornelius | Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF). Originally published on LinkedIn on August 13, 2020. This episode of Coffee Thoughts With Tom addresses CMMC as a conformity assessment, since conformity assessments are intended

What is FCI in CMMC and how does it affect scope?

The Cybersecurity Maturity Model Certification references “FCI”. What is this abbreviation? FCI in CMMC stands for “Federal Contract Information”. FCI is “Information not intended for public release. It is provided by or generated for the Government under a

CMMC Rollout Status – Taking stock (July 31, 2020)

Editor’s note: This article gives a timely update on the laws and processes governing CMMC enforcement. To this point, there has not been an official requirement for CMMC in the Federal Acquisition Regulation (FAR) or Defense Federal Acquisition Regulation Supplement (DFARS).

CMMC news: CMMC AB opens registration for C3PAOs and Assessors

Hello all, The CMMC Accreditation Body has opened new pages on their website to give information about registering as a C3PAO (Certified Third Party Assessor Organization) and as an Assessor. They also have information about becoming a ‘registered practitioner’ or

CMMC Level 1 certification and preparation (how-to)

If you are reading this article, you are probably the owner of a small DoD contracting company. You’ve heard something about the CMMC (Cybersecurity Maturity Model Certification) either through your prime contractor or the SBA education office. You might be

Remote Management & Access Tools for 800-171 and CMMC

A question came up today from a client that has a large remote workforce. “How can my help desk manage end user devices while staying compliant with 800-171 and CMMC?” For example, can we use remote access tools like LogMeIn