Will CMMC assessors stick to just the CMMC requirements or will they review your compliance to CUI-specified handling and other regulations?
CMMC Level 3 wants procedures, AKA the 998 requirements, but what does that actually mean? And what is necessary to pass?
Achieving Cloud Compliance in the Age of CMMC, CUI, and DFARS 7012: How secure are your cloud vendors?
CMMC News rollup for July 2, 2021. Town hall recap. Industry Advisory Council review. C3PAO Stakeholder Forum, and other…
Concerns that CMMC is “dead” were recently buoyed by DoD spokespeople no longer participating in…
The first CMMC Assessment Organization is “Approved!” But what does that mean, and why is that different from the rest of the C3PAOs?
Current status of CMMC such as the schedule for CMMC scoping guidance, DFARS final rule. The Space Force contract that requires CMMC Level 3…
CMMC news about inheriting cybersecurity from cloud providers, C3PAOs moved to “candidate” status, the next Town Hall meeting, the DFARS Final Rule coming out in May…
Almost every defense contractor makes one or more of these design errors when they start building their CMMC Level 3 network
Hello all, here is the news from the last few weeks. Not a whole lot going on in public or officially, but it feels like we are getting close to some major milestones. CMMC Town Hall from February https://cmmcab.org/videos/cmmc-town-hall-february-2021/ According Read More
A guided review of DFARS 252.204-7012 covering the topics: What is a covered contractor information system? What is Covered Defense Information?
How to video and training on what a System Security Plan is, what it is used for, and what a high quality one looks like!
CMMC news for February 2021. The CMMC-AB Statement of Work is released. Status of reciprocity for FedRAMP and ISO 27001, CAICO upda…
This Q&A session with Ben Tchoubineh (CMMC-AB Chair, Training Committee) delves deeply into the CAICO and current state of CMMC training
Answers to common questions about how to submit your NIST SP 800-171 self assessment to SPRS. Register an account, how to handle multiple…
This is Part 3 of our CMMC Assessment series with Jeff Dalton (the lead trainer of the CMMC Provisional Assessors). Q&A about assessments!
This page has links and reviews of available templates and tools relating to the CMMC and NIST SP 800-171 **Updated February 10, 2021** Please help others in the community by leaving a comment with resource links! Warning – Assessment / Read More
Second interview with Jeff Dalton (CMMC-AB) about the CMMC assessment process. Topics relevant to every defense contractor, non-technical.
This article gives examples and explanations of how to identify your CMMC scope to an assessor when you are planning…
This article is provided by Kieri Solutions, a CMMC C3PAO candidate. Thanks to them for sharing some of the secret sauce! This article is meant to provide short explanations on topics that are commonly misunderstood (and not performed correctly) by Read More
The latest news about CMMC (January 2021). CISA offers free cybersecurity resources. Interviews about CMMC assessments and Q&A. Status of…
Interview with Jeff Dalton (CMMC-AB) about CMMC assessments. Who is authorized to perform assessments? When should you do a pre-assessment? Can you fix issues found during an assessment?
CMMC news for January 5, 2021. C3PAOs need FedRAMP High clouds. Assessment Guides > Appendixes. Congress mandates CMMC assessments against…
If you are reading this article, you are probably the owner of a small DoD contracting company. You’ve heard something about the CMMC (Cybersecurity Maturity Model Certification) either through your prime contractor or the SBA education office. You might be Read More
This page is an index of LinkedIn discussions and posts about CMMC and 800-171. It will be updated over time with new topics.
This interview with Regan Edens (CMMC-AB Chairman of the Standards Management Committee) clarifies clouds and CMMC, FedRAMP, and DFARS questions for Organizations Seeking Certification (OSCs)
The CMMC Level 3 Assessment Guide is published! Video about how to read and use it. Critical review of the guide by Amira Armond.
Second interview with Jeff Dalton (CMMC-AB) and Amira Armond (CMMCAudit.org) on the topics of C3PAOs, CAs, Instructors, and Ethics
Video explanation from the authors of the CMMC Level 1 Assessment Guide (CMU-SE), and review by CMMCaudit.org
This article is an in-depth review of the CMMC Level 2 Requirement RM.2.142 on the topic of vulnerability scanning. I break out frequently asked questions and reference other requirements that are related to vulnerability scanning. This requirement also applies to current DFARS 252.204-7012 and NIST SP 800-171 organizations that hold CUI