Achieving Cloud Compliance in the Age of CMMC, CUI, and DFARS 7012: How secure are your cloud vendors?
A guided review of DFARS 252.204-7012 covering the topics: What is a covered contractor information system? What is Covered Defense Information?
How to video and training on what a System Security Plan is, what it is used for, and what a high quality one looks like!
Answers to common questions about how to submit your NIST SP 800-171 self assessment to SPRS. Register an account, how to handle multiple…
This article is a deep-dive on CMMC practice SC.1.175 which requires control and monitoring of communications at external boundaries and…
This page is an index of LinkedIn discussions and posts about CMMC and 800-171. It will be updated over time with new topics.
This article is an in-depth review of the CMMC Level 2 Requirement RM.2.142 on the topic of vulnerability scanning. I break out frequently asked questions and reference other requirements that are related to vulnerability scanning. This requirement also applies to current DFARS 252.204-7012 and NIST SP 800-171 organizations that hold CUI
CMMC and DFARS compliance is too expensive for small businesses. This article describes “easy button” solutions such as a CMMC MSP, using …
This article gives advice on how a quality cyber-awareness training program helps your organization meet 19+ CMMC practice requirements
Author: Tom Cornelius| Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF) Originally published on LinkedIn on October 19, 2020 The concept of creating a “CMMC Kill Chain” started off as a bit of a dare… kind Read More
If you are a Defense Contractor that handles Controlled Unclassified Information (CUI), this news is going to be very important for you. DFARS 252.204-7012 Interim Rule Yesterday, the DoD released an interim rule to the Defense Federal Acquisition Rules Supplement Read More
Why is there a page for NIST SP 800-171 on a CMMC website? The NIST standard, as described in a document named “NIST Special Publication 800-171” is a set of 110 security best practices that are CURRENTLY required for all Read More