CMMC Rollout Status – Taking stock (July 31, 2020)

Editor’s note: This article gives a timely update on the laws and processes governing CMMC enforcement. To this point, there has not been an official requirement for CMMC in the Federal Acquisition Regulation (FAR) or Defense Federal Acquisition Regulation Supplement (DFARS). However, as this article describes, the process has been started to change the regulations. Author: Read More

CMMC news round-up July 30, 2020

Here are the CMMC news topics this week: Registrations open for CMMC auditors, C3PAOs, and “registered” practitioners / organizations Registration has been open for a month and a week. Links and information about registration can be found at this CMMCaudit blog “CMMC AB opens registration for C3PAOs and Assessors”. I submitted applications for C3PAO and Read More

A Practitioner’s Thoughts On CMMC

Editor’s comments: This article is an excellent read if you have experience doing cyber-security compliance based on NIST SP 800-171 or DFARS 252.204-7012. If you don’t have prior experience on these topics, the article may not make much sense to you. Of particular interest to me is the scoping conflict between FCI and CUI, which Read More

CMMC news: CMMC AB opens registration for C3PAOs and Assessors

Hello all, The CMMC Accreditation Body has opened new pages on their website to give information about registering as a C3PAO (Certified Third Party Assessor Organization) and as an Assessor. They also have information about becoming a ‘registered practitioner’ or a ‘registered provider organization’ (these can be team members but not lead audits). You can Read More

CMMC News – Auditor Training Update – May 22, 2020

These are my notes from the CMMC Accreditation Body webinar regarding Assessor / Auditor Training. Disclaimer: I’m not a member of the CMMC AB, I am just providing these notes as a service to the community. Please watch the webinar for exact wording and full details. This webinar was released May 21, 2020 on the Read More

CMMC News – May 21 2020

The CMMC Accreditation Body (CMMC AB) has started to publish their progress via webinars on the cmmcab.org website. Here are my notes from the webinar I watched on 5/21/2020, published at https://www.cmmcab.org and archived on YouTube here. Ty Schieber is the Chair of the CMMC Accreditation Body. He presented the current status of the AB.  Read More

CMMC PS.2.127 Personnel Screening and US Citizen discussion

The CMMC version 1.0 has the following security requirement. CMMC Personnel Security (PS) PS.2.127 (Level 2) “Screen individuals prior to authorizing access to organizational systems containing CUI.” This is a Level 2 requirement. There are no level 3, 4, or 5 requirements in this version of the CMMC. Disclaimer:  This article is an opinion.  Use Read More

CMMC Version 1.0 Released – Analysis for DoD contractors

As promised, the Cybersecurity Maturity Model Certification (CMMC) version 1.0 was released to the public on January 31, 2020. The document should be stable at this point.  Cybersecurity leads for defense contractors need to read through it as soon as possible and begin closing the gaps in their organization’s cyber-security practices. Links to CMMC v1.0 Read More

Remote Management & Access Tools for 800-171 and CMMC

A question came up today from a client that has a large remote workforce. “How can my help desk manage end user devices while staying compliant with 800-171 and CMMC?” For example, can we use remote access tools like LogMeIn or Chrome Remote Desktop, which allow always-on connections to the desktop? The following is my Read More