Second interview with Jeff Dalton (CMMC-AB) about the CMMC assessment process. Topics relevant to every defense contractor, non-technical.
Category: Latest CMMC news
CMMC Compliance FAQs – Organizations seeking certification
This article is provided by Kieri Solutions, an Authorized CMMC Third Party Assessment Organization, offering CMMC assessment services. Thanks to them for sharing some of the secret sauce! This article is meant to provide short explanations on topics that are Read More
CMMC News – January 23, 2021
The latest news about CMMC (January 2021). CISA offers free cybersecurity resources. Interviews about CMMC assessments and Q&A. Status of…
CMMC-AB Jeff Dalton – the CMMC Assessment Process – Part 1
Interview with Jeff Dalton (CMMC-AB) about CMMC assessments. Who is authorized to perform assessments? When should you do a pre-assessment? Can you fix issues found during an assessment?
CMMC News – January 5, 2021
CMMC news for January 5, 2021. C3PAOs need FedRAMP High clouds. Assessment Guides > Appendixes. Congress mandates CMMC assessments against…
CMMC Level 1 certification and preparation (how-to)
If you are reading this article, you are probably the owner of a small DoD contracting company. You’ve heard something about the CMMC (Cybersecurity Maturity Model Certification) either through your prime contractor or the SBA education office. You might be Read More
Conversations from LinkedIn
This page is an index of LinkedIn discussions and posts about CMMC and 800-171. It will be updated over time with new topics.
CMMC-AB Regan Edens interview on DFARS, FedRAMP, and AB authority
This interview with Regan Edens (CMMC-AB Chairman of the Standards Management Committee) clarifies clouds and CMMC, FedRAMP, and DFARS questions for Organizations Seeking Certification (OSCs)
CMMC Level 3 Assessment Guide Webinar and Review
The CMMC Level 3 Assessment Guide is published! Video about how to read and use it. Critical review of the guide by Amira Armond.
CMMC-AB Jeff Dalton Interview #2 – C3PAOs, CAs, Instructors, Ethics
Second interview with Jeff Dalton (CMMC-AB) and Amira Armond (CMMCAudit.org) on the topics of C3PAOs, CAs, Instructors, and Ethics
CMMC Level 1 Assessment Guide and Review
Video explanation from the authors of the CMMC Level 1 Assessment Guide (CMU-SE), and review by CMMCaudit.org
CMMC RM.2.142 Scan for vulnerabilities in organizational systems
This article is an in-depth review of the CMMC Level 2 Requirement RM.2.142 on the topic of vulnerability scanning. I break out frequently asked questions and reference other requirements that are related to vulnerability scanning. This requirement also applies to current DFARS 252.204-7012 and NIST SP 800-171 organizations that hold CUI
Answers about C3PAOs, Assessors, and other CMMC Professional questions
Jeff Dalton from the CMMC Accreditation Body Board of Directors was kind enough to provide answers to my burning questions about…
Webinar on CMMC Level 1 by the Software Engineering Institute (CMU)
This webinar is a great resource for organizations no matter what CMMC level you expect to need. It is released by Carnegie Mellon University’s Software Engineering Institute. This is the organization that helped the DoD develop the original CMMC model. Read More
CMMC News Rollup November 19 2020
Hello all, Lots of different topics in this news article. I hope they help you! – Amira Armond Registered Practitioners and RPOs are official! The CMMC-AB started releasing badges to Registered Practitioners on November 17th. If you are a Registered Read More
Where is the Easy Button for CMMC? Why MSPs may be the solution.
CMMC and DFARS compliance is too expensive for small businesses. This article describes “easy button” solutions such as a CMMC MSP, using …
CMMC News Rollup – October 25, 2020
Hello all, Here are the latest third party articles and topics regarding CMMC, DFARS, and NIST 800-171 compliance. Best of luck in your compliance journey! – Amira DFARS 7012 , 7019, 7020 DoD Self Assessments Due This list has some Read More
CMMC Basics – the Full Details
In-depth article about CMMC basics such as where it came from, what purpose it is trying to achieve, timeframe for rollout, and…
Address 19 CMMC Practices with Cybersecurity Training
This article gives advice on how a quality cyber-awareness training program helps your organization meet 19+ CMMC practice requirements
CMMC ML.2.999 Developing an effective CMMC Policy
This webinar is published by Carnegie Mellon University’s Software Engineering Institute (SEI) – the co-authors of the CMMC Model. Their guidance about the CMMC should be considered authoritative. At CMMC level 2 and above, organizations are expected to have policies Read More
Introducing the CMMC Kill Chain – Zero to full compliance
Author: Tom Cornelius| Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF) Originally published on LinkedIn on October 19, 2020 The concept of creating a “CMMC Kill Chain” started off as a bit of a dare… kind Read More
CMMC Level 4 – Discussion on Process Maturity – ML.4.996
This video from Carnegie Mellon Software Engineering Institute (co-authors of the CMMC Model) discusses CMMC Level 4 Maturity. The specific topic is CMMC requirement ML.4.996 “Review and measure [DOMAIN NAME] activities for effectiveness” SEI Blog: https://insights.sei.cmu.edu/sei_blog/cybersecurity-maturity-model-certification-cmmc/
CMMC News Rollup October 6, 2020
Hello folks, This is week’s update is pretty short. The DFARS Interim Rule is still the biggest news. Other topics are the new DoD CUI website which has great resources for contractors, and word-of-mouth updates on the CMMC-AB’s registered practitioner Read More
DFARS 252.204-7012 or 252.204-7021 enforces NIST 800-171 and CMMC
If you are a Defense Contractor that handles Controlled Unclassified Information (CUI), this news is going to be very important for you. DFARS 252.204-7012 Interim Rule Yesterday, the DoD released an interim rule to the Defense Federal Acquisition Rules Supplement Read More
CMMC News Roundup September 28 2020
Hello all, Big news this last two weeks. In particular, the DFARS rule for CMMC abruptly changed course. It looked like it was delayed for months, but then (I think?) it got approved on an interim basis, to go into Read More
Review of CMMC Registered Practitioner Training
This is a historical post from September 2020. Information on Registered Practitioners may have changed since then. You have been warned. I just finished the CMMC-AB’s Registered Practitioner training course. We aren’t allowed to reproduce the content, so you won’t Read More
CMMC News Roundup September 9 2020
Hello folks, Here’s the latest CMMC news and articles you should check out! CMMC FAQ for Organizations Seeking Certification This easy FAQ article discusses frequently asked questions about implementing CMMC security. Things like “Can my employees use their home computers Read More
CMMC News Rollup – August 26, 2020
DFARS rule update for CMMC The acquisitions office has proposed an amendment to DFARS 252.204-7012, which is the contract rule that currently requires a high level of cybersecurity for the majority of Defense Contractors. The amendment is expected to replace Read More
When is a conformity assessment not a conformity assessment? (hint – it is CMMC)
Author: Tom Cornelius| Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF) Originally published on LinkedIn on August 13, 2020 This episode of Coffee Thoughts With Tom addresses CMMC as a conformity assessment, since conformity assessments are intended Read More
CMMC “allowable cost” discussion and thoughts
*Updated August 13, 2020* CMMC cybersecurity is an “allowable cost” for DoD contractors? “The required CMMC level will be contained in sections L & M of the Request for Proposals (RFP) making cybersecurity an “allowable cost” in DoD contracts.” “The Read More