This page is an index of great LinkedIn discussions and posts about CMMC and 800-171. It will be updated over time with new topics.
If you don’t have a LinkedIn account, you will still be able to see some comments, but not all. I highly recommend being signed in to LinkedIn for full effect.
Discussions with comments from the DoD, Carnegie Mellon University | Software Engineering Institute, the CMMC Accreditation Body, and other authorities are given priority in this index.
If you would like to recommend a great LinkedIn discussion for this page, please let us know at newsletter@cmmcaudit.org or comment below.
Non-technical CMMC discussions (Contractors and National Security)
Let’s not build a ten dollar fence around a one dollar horse! On cybersecurity costs for small businesses.
SPRS self assessment required for non-CUI contracts?
What’s next for CMMC? (Robert Metzger, Deborah Rodin, Eleanor Ross)
CMMC and operational technology systems (manufacturing)
Disruption to DoD’s supply chain if CMMC moves forward on pace
Sensitive Data (CUI, FCI, etc)
Is DIB aggregated security information (such as SSPs) considered CUI?
Is FOUO CUI?
DNI tries to abort Controlled Unclassified Information policy
CMMC Process Maturity discussions
CMMC compliance can’t be met by simply buying technical tools
CMMC Technical discussions (about specific practices)
AC.1.001 on how most companies fail the device objective
AC.2.005 on Privacy and Security Notices
IA.2.081 – password storage and one way hashing
RM.2.142 – vulnerability scanning, requirement for credentialed scans?
Clouds – can you encrypt your CUI in a non-FedRAMP cloud and still pass?
SC.3.183 – where does Deny traffic by default, allow by exception, apply?
Should endpoints that access VDI be in scope?
https://www.linkedin.com/posts/activity-6745447885149761536-GvXw
CMMC Professionals (C3PAOs, Certified Assessors, Registered Practitioners, etc)
CMMC assessors are required to complete a Tier-3 (non-clearance) Suitability Determination
https://www.linkedin.com/posts/activity-6741489712936157184-HLMv
Review of CMMC Assessment Guide for Level 3, version 1.10
ISO 17020
More on ISO 17020
How much will ISO 17020 cost? Reddit and Vince Scott
https://www.linkedin.com/feed/update/urn:li:activity:6756160132805140480/
C3PAOs need to use FedRAMP High clouds (if they use clouds)
https://www.linkedin.com/posts/reganedens_cmmcab-activity-6752361566777221120-ipB7
Assessment Procedures
Depth and thoroughness of assessment? CMMC references 171 Appendix D
https://www.linkedin.com/feed/update/urn:li:activity:6755246339312926720/
DFARS 252.204-7012, 7019, 7020, 7021
Interview with Regan Edens about DFARS, FedRAMP, and AB authority. Additional discussion about FedRAMP cloud requirements.
DFARS, CUI, and the Catch-22
Cloud requirements