Conversations from LinkedIn


This page is an index of great LinkedIn discussions and posts about CMMC and 800-171. It will be updated over time with new topics.

If you don’t have a LinkedIn account, you will still be able to see some comments, but not all. I highly recommend being signed in to LinkedIn for full effect.

Discussions with comments from the DoD, Carnegie Mellon University | Software Engineering Institute, the CMMC Accreditation Body, and other authorities are given priority in this index.

If you would like to recommend a great LinkedIn discussion for this page, please let us know at or comment below.

Non-technical CMMC discussions (Contractors and National Security)

Let’s not build a ten dollar fence around a one dollar horse! On cybersecurity costs for small businesses.

SPRS self assessment required for non-CUI contracts?

What’s next for CMMC? (Robert Metzger, Deborah Rodin, Eleanor Ross)

CMMC and operational technology systems (manufacturing)

Disruption to DoD’s supply chain if CMMC moves forward on pace

Sensitive Data (CUI, FCI, etc.)

Are DIB aggregated security information (such as SSPs) considered CUI?


DNI tries to abort Controlled Unclassified Information policy

CMMC Process Maturity discussions

CMMC compliance can’t be met by simply buying technical tools

CMMC Technical discussions (about specific practices)

AC.1.001 on how most companies fail the device objective

AC.2.005 on Privacy and Security Notices

IA.2.081 – password storage and one-way hashing

RM.2.142 – vulnerability scanning, requirement for credentialed scans?

Clouds – can you encrypt your CUI in a non-FedRAMP cloud and still pass?

SC.3.183 – where does Deny traffic by default, allow by exception, apply?

Should endpoints that access VDI be in scope?

CMMC Professionals (C3PAOs, Certified Assessors, Registered Practitioners, etc)

CMMC assessors are required to complete a Tier-3 (non-clearance) Suitability Determination

Review of CMMC Assessment Guide for Level 3, version 1.10

ISO 17020

More on ISO 17020

How much will ISO 17020 cost? Reddit and Vince Scott

C3PAOs need to use FedRAMP High clouds (if they use clouds)

Assessment Procedures

Depth and thoroughness of assessment? CMMC references 171 Appendix D

DFARS 252.204-7012, 7019, 7020, 7021

Interview with Regan Edens about DFARS, FedRAMP, and AB authority. Additional discussion about FedRAMP cloud requirements.

DFARS, CUI, and the Catch-22

Cloud requirements
