What is FCI in CMMC and how does it affect scope?

The Cybersecurity Maturity Model Certification references “FCI” in draft version 0.6b.  What is this abbreviation? FCI in CMMC stands for “Federal Contract Information”. FCI is “Information not intended for public release. It is provided by or generated by for the Government under a contract to develop or deliver a product or service to the Government.  FCI does not include information provided by the Government to the public.”  Page 6, CMMC Preface V0.6b 20191107.docx Analysis of term FCI in the CMMC Read More

CMMC “allowable cost” discussion and thoughts

As I write this, we are still early in the process for the CMMC. The CMMC introductory Listening Tour just finished. CMMC Draft version 0.6 was released November 7, 2019. At this time, a third party oversight organization for certifiers and auditors has not been chosen yet. CMMC draft version 0.6 states, “This document includes CMMC Levels 1-3 of the latest version of the CMMC Model (Appendix A) with clarifications for CMMC Level 1 in Appendix B. The updates to Read More