Tag: CMMC assessment

Joint Surveillance Assessment - what is it like?

Joint Surveillance Assessment – what is it like?

Posted on by Amira Armond

This is an interview with Jose Rojas (TTC) and Ozzie Saeed (IntelliGRC) about their experience being assessed by Kieri Solutions, an Authorized C3PAO, as part of the Joint Surveillance Voluntary assessment program. Other than the obvious congratulations to both of Read More

What does "monitor" mean in CMMC?

What does “monitor” mean in CMMC?

Posted on by Amira Armond

Logan Therrien and Amira Armond from Kieri Solutions (an Authorized C3PAO) discuss the concept of monitoring and how it is evaluated by CMMC assessors. Several assessment objectives in CMMC Level 2 require monitoring. ๐Ÿ” the physical facility where organizational systems Read More

Podcast - increasing the likelihood of passing CMMC assessments

Podcast – increasing the likelihood of passing CMMC assessments

Posted on by Amira Armond

This podcast by Omnistruct features Amira Armond, John Riley, and George Usi. Recorded in May-June 2023. They discuss the basics of CMMC, the “hardest” requirement (FIPS of course), the aspects that contractors have the most difficulty with, and the status Read More

3.13.9 FIPS 140-2 Validated Cryptography

3.13.9 FIPS 140-2 Validated Cryptography

Posted on by Amira Armond

It is time, finally, to talk about the #1 “Other than Satisfied” requirement in 800-171, per historic DIBCAC assessments. ๐Ÿ˜ฑ ๐Ÿ’ฅ ๐Ÿ’ฅ ๐…๐ˆ๐๐’ 140-2 ๐•๐š๐ฅ๐ข๐๐š๐ญ๐ž๐ ๐Œ๐จ๐๐ฎ๐ฅ๐ž๐ฌ ๐Ÿ’ฅ ๐Ÿ’ฅ ๐Ÿ˜ฑ Listen up – I’m going to tell you how to succeed Read More

What are Spot Checks for?

Posted on by Amira Armond

๐‚๐Œ๐Œ๐‚ ๐€๐ฌ๐ฌ๐ž๐ฌ๐ฌ๐ฆ๐ž๐ง๐ญ ๐’๐ฉ๐จ๐ญ ๐‚๐ก๐ž๐œ๐ค๐ฌ “๐˜๐˜ง ๐˜ค๐˜ฐ๐˜ฏ๐˜ต๐˜ณ๐˜ข๐˜ค๐˜ต๐˜ฐ๐˜ณ’๐˜ด ๐˜ณ๐˜ช๐˜ด๐˜ฌ-๐˜ฃ๐˜ข๐˜ด๐˜ฆ๐˜ฅ ๐˜ด๐˜ฆ๐˜ค๐˜ถ๐˜ณ๐˜ช๐˜ต๐˜บ ๐˜ฑ๐˜ฐ๐˜ญ๐˜ช๐˜ค๐˜ช๐˜ฆ๐˜ด, ๐˜ฑ๐˜ณ๐˜ฐ๐˜ค๐˜ฆ๐˜ฅ๐˜ถ๐˜ณ๐˜ฆ๐˜ด, ๐˜ข๐˜ฏ๐˜ฅ ๐˜ฑ๐˜ณ๐˜ข๐˜ค๐˜ต๐˜ช๐˜ค๐˜ฆ๐˜ด ๐˜ฅ๐˜ฐ๐˜ค๐˜ถ๐˜ฎ๐˜ฆ๐˜ฏ๐˜ต๐˜ข๐˜ต๐˜ช๐˜ฐ๐˜ฏ ๐˜ฐ๐˜ณ ๐˜ฐ๐˜ต๐˜ฉ๐˜ฆ๐˜ณ ๐˜ง๐˜ช๐˜ฏ๐˜ฅ๐˜ช๐˜ฏ๐˜จ๐˜ด ๐˜ณ๐˜ข๐˜ช๐˜ด๐˜ฆ ๐˜ฒ๐˜ถ๐˜ฆ๐˜ด๐˜ต๐˜ช๐˜ฐ๐˜ฏ๐˜ด ๐˜ข๐˜ฃ๐˜ฐ๐˜ถ๐˜ต ๐˜ต๐˜ฉ๐˜ฆ๐˜ด๐˜ฆ ๐˜ข๐˜ด๐˜ด๐˜ฆ๐˜ต๐˜ด, ๐˜ต๐˜ฉ๐˜ฆ ๐˜ข๐˜ด๐˜ด๐˜ฆ๐˜ด๐˜ด๐˜ฐ๐˜ณ ๐˜ค๐˜ข๐˜ฏ ๐˜ค๐˜ฐ๐˜ฏ๐˜ฅ๐˜ถ๐˜ค๐˜ต ๐˜ข ๐˜ญ๐˜ช๐˜ฎ๐˜ช๐˜ต๐˜ฆ๐˜ฅ ๐˜ด๐˜ฑ๐˜ฐ๐˜ต ๐˜ค๐˜ฉ๐˜ฆ๐˜ค๐˜ฌ ๐˜ต๐˜ฐ ๐˜ช๐˜ฅ๐˜ฆ๐˜ฏ๐˜ต๐˜ช๐˜ง๐˜บ ๐˜ณ๐˜ช๐˜ด๐˜ฌ๐˜ด. ๐˜›๐˜ฉ๐˜ฆ ๐˜ญ๐˜ช๐˜ฎ๐˜ช๐˜ต๐˜ฆ๐˜ฅ ๐˜ด๐˜ฑ๐˜ฐ๐˜ต ๐˜ค๐˜ฉ๐˜ฆ๐˜ค๐˜ฌ(๐˜ด) ๐˜ด๐˜ฉ๐˜ข๐˜ญ๐˜ญ ๐˜ฏ๐˜ฐ๐˜ต ๐˜ฎ๐˜ข๐˜ต๐˜ฆ๐˜ณ๐˜ช๐˜ข๐˜ญ๐˜ญ๐˜บ ๐˜ช๐˜ฏ๐˜ค๐˜ณ๐˜ฆ๐˜ข๐˜ด๐˜ฆ ๐˜ต๐˜ฉ๐˜ฆ Read More

3.11.1 Periodically assess the risk to organizational operations

3.11.1 Periodically assess the risk to organizational operations

Posted on by Amira Armond

3.11.1 ๐๐ž๐ซ๐ข๐จ๐๐ข๐œ๐š๐ฅ๐ฅ๐ฒ ๐š๐ฌ๐ฌ๐ž๐ฌ๐ฌ ๐ซ๐ข๐ฌ๐ค…This is the fourth-most “Other than satisfied” #CMMC requirement. Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or Read More

3.11.2 Scan for Vulnerabilities

3.11.2 Scan for Vulnerabilities

Posted on by Amira Armond

Scan for vulnerabilities….This the fifth-most “Other than satisfied” #CMMC requirement with an 18% fail rate. 3.11.2 ๐’๐œ๐š๐ง ๐Ÿ๐จ๐ซ ๐ฏ๐ฎ๐ฅ๐ง๐ž๐ซ๐š๐›๐ข๐ฅ๐ข๐ญ๐ข๐ž๐ฌ ๐ข๐ง ๐จ๐ซ๐ ๐š๐ง๐ข๐ณ๐š๐ญ๐ข๐จ๐ง๐š๐ฅ ๐ฌ๐ฒ๐ฌ๐ญ๐ž๐ฆ๐ฌ ๐š๐ง๐ ๐š๐ฉ๐ฉ๐ฅ๐ข๐œ๐š๐ญ๐ข๐จ๐ง๐ฌ ๐ฉ๐ž๐ซ๐ข๐จ๐๐ข๐œ๐š๐ฅ๐ฅ๐ฒ ๐š๐ง๐ ๐ฐ๐ก๐ž๐ง ๐ง๐ž๐ฐ ๐ฏ๐ฎ๐ฅ๐ง๐ž๐ซ๐š๐›๐ข๐ฅ๐ข๐ญ๐ข๐ž๐ฌ ๐š๐Ÿ๐Ÿ๐ž๐œ๐ญ๐ข๐ง๐  ๐ญ๐ก๐จ๐ฌ๐ž ๐ฌ๐ฒ๐ฌ๐ญ๐ž๐ฆ๐ฌ ๐š๐ง๐ ๐š๐ฉ๐ฉ๐ฅ๐ข๐œ๐š๐ญ๐ข๐จ๐ง๐ฌ ๐š๐ซ๐ž ๐ข๐๐ž๐ง๐ญ๐ข๐Ÿ๐ข๐ž๐. “๐’๐’“๐’ˆ๐’‚๐’๐’Š๐’›๐’‚๐’•๐’Š๐’๐’๐’‚๐’ ๐’”๐’š๐’”๐’•๐’†๐’Ž๐’””…This is an example of Read More

3.3.5 Correlate Audit Processes

3.3.5 Correlate Audit Processes

Posted on by Amira Armond

NIST SP 800-171 3.3.5 ๐‚๐จ๐ซ๐ซ๐ž๐ฅ๐š๐ญ๐ž ๐š๐ฎ๐๐ข๐ญ ๐ซ๐ž๐œ๐จ๐ซ๐ ๐ซ๐ž๐ฏ๐ข๐ž๐ฐ, ๐š๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ, ๐š๐ง๐ ๐ซ๐ž๐ฉ๐จ๐ซ๐ญ๐ข๐ง๐  ๐ฉ๐ซ๐จ๐œ๐ž๐ฌ๐ฌ๐ž๐ฌ ๐Ÿ๐จ๐ซ ๐ข๐ง๐ฏ๐ž๐ฌ๐ญ๐ข๐ ๐š๐ญ๐ข๐จ๐ง ๐š๐ง๐ ๐ซ๐ž๐ฌ๐ฉ๐จ๐ง๐ฌ๐ž ๐ญ๐จ ๐ข๐ง๐๐ข๐œ๐š๐ญ๐ข๐จ๐ง๐ฌ ๐จ๐Ÿ ๐ฎ๐ง๐ฅ๐š๐ฐ๐Ÿ๐ฎ๐ฅ, ๐ฎ๐ง๐š๐ฎ๐ญ๐ก๐จ๐ซ๐ข๐ณ๐ž๐, ๐ฌ๐ฎ๐ฌ๐ฉ๐ข๐œ๐ข๐จ๐ฎ๐ฌ, ๐จ๐ซ ๐ฎ๐ง๐ฎ๐ฌ๐ฎ๐š๐ฅ ๐š๐œ๐ญ๐ข๐ฏ๐ข๐ญ๐ฒ. This is the 8th most likely requirement to be “other than satisfied” by defense contractors, according Read More

CMMC Scoping for Level 2

CMMC Scoping for Level 2

Posted on by Amira Armond

This video is provided by Amira Armond and Jil Wright (CMMC Provisional Assessors and Provisional Instructors) from Kieri Solutions, an Authorized C3PAO. Topics discussed in the video are: This content is way more than the CCP course blueprint covers and more in-depth than what is Read More

CMMC Scoping for Level 1

CMMC Scoping for Level 1

Posted on by Amira Armond

This video is provided by Amira Armond and Jil Wright (CMMC Provisional Assessors and Provisional Instructors) from Kieri Solutions, an Authorized C3PAO. Topics included are: Kieri Solutions is an Authorized C3PAO providing CMMC and 800-171 assessment and preparation services. They Read More

Excuses that won’t work for your CMMC assessment

Posted on by Amira Armond

Public Safety Announcement forย #CMMCย and DIBCAC assessments of 800-171 compliance. “My _________ is scheduled to occur in January and we haven’t reached January yet.” – said too many Organizations Seeking Certification Do not try to use this excuse to explain why Read More

Policy templates and tools for CMMC and 800-171

Posted on by Amira Armond

This page has links and reviews of available templates and tools relating to the CMMC and NIST SP 800-171 **Updated December 16, 2022** Please help others in the community by leaving a comment with resource links! Defense Industrial Base Cybersecurity Read More

CMMC-AB Jeff Dalton - the CMMC Assessment Process - Part 1

CMMC-AB Jeff Dalton – the CMMC Assessment Process – Part 1

Posted on by Amira Armond

Interview with Jeff Dalton (CMMC-AB) about CMMC assessments. Who is authorized to perform assessments? When should you do a pre-assessment? Can you fix issues found during an assessment?

Introducing the CMMC Kill Chain – Zero to full compliance

Posted on by Amira Armond

Author: Tom Cornelius| Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF) Originally published on LinkedIn on October 19, 2020 The concept of creating a โ€œCMMC Kill Chainโ€ started off as a bit of a dareโ€ฆ kind Read More

When is a conformity assessment not a conformity assessment? (hint โ€“ it is CMMC)

Posted on by Amira Armond

Author: Tom Cornelius| Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF) Originally published on LinkedIn on August 13, 2020 This episode of Coffee Thoughts With Tom addresses CMMC as a conformity assessment, since conformity assessments are intended Read More