At Cloud Security and Compliance Series – CS2 Huntsville, Nick Delrosso’s presentation included the “Top 10 Other Than Satisfied Requirements”. Nick Delrosso represents the DCMA’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) which has been performing cybersecurity assessments on contractors for the last few years. Top 10 failed… This is the list of the top ten 800-171 Read More
Author: Amira Armond
When is a FIPS Validated Module required?
This video from Amira Armond and Jillian Wright (both Kieri Solutions Provisional Assessors and Instructors), explains when FIPS 140-2 validated modules are required to be used by CMMC Level 2 / NIST SP 800-171. It also explains when FIPS is NOT required. Hint: you do not need FIPS for everything. Enjoy! Reference: NIST Cryptographic Module Read More
Lessons learned from two (three?) DIBCAC assessments
On behalf of CMMCAudit.org, I’m excited to share this interview with Jake Williams about his lessons learned from two DIBCAC assessments of DFARS 252.204-7012 and NIST SP 800-171 compliance. This video is packed with actionable information about what to expect during assessments. We compared and contrasted between defense contractor 800-171 assessments and the CMMC assessment that Kieri Read More
CMMC Annual Compliance Tasks
This article discusses six annual CMMC compliance tasks that are ideal for the quiet holiday season
Trends in 800-171 reporting and SPRS scores
Author: Amira Armond, the president of Kieri Solutions – an authorized CMMC Third Party Assessment Organization (C3PAO) providing CMMC assessments, CMMC consulting, and Compliance Documentation packages designed for small/medium business. This graphic depicts my personal experience talking with defense contractors about their 800-171 and CMMC compliance (and what score they entered in SPRS) over the Read More
MSPs and CMMC Compliance
Are you using a Managed Service Provider for your CMMC-compliant information system? Are you a Managed Service Provider with defense contractor clients? This article discusses the risks and pitfalls of having an MSP “in-scope” during your CMMC assessment, and gives tips for a better experience. This article is provided by our sponsor, Kieri Solutions, an authorized Read More
Are you ready for CMMC Assessment?
This article is provided by our sponsor, Kieri Solutions, an authorized CMMC Third Party Assessment Organization (C3PAO). Kieri Solutions provides assessment services, high-quality CMMC consulting, and an easy to use compliance documentation package geared toward small and medium businesses. CMMC assessments are expensive! Don’t volunteer for assessment if you won’t pass. This article describes 11 Read More
CMMC Scope – are you ready for an assessment?
This article gives examples and explanations of how to identify your CMMC scope to an assessor when you are planning…
CMMC 2.0 Scoping Scenarios Analysis
This detailed analysis of the CMMC Scoping Guide for Level 2 is meant for educational purposes only. It discusses 12 common scenarios and gives recommendations for scoping.
CMMC 2.0 is here – what changes in CMMC?
CMMC 2.0 is released, what changes? This article is being updated as more information comes out. The DoD just announced major…
Does CMMC enforce FedRAMP and other CUI protections?
Will CMMC assessors stick to just the CMMC requirements or will they review your compliance to CUI-specified handling and other regulations?
Defining authorized – a key concept in CMMC
The term authorized is used across 40 different assessment objectives in the CMMC. Do you know what it means? How do you show it?
The underestimated .998’s – procedure requirements for CMMC
CMMC Level 3 wants procedures, AKA the 998 requirements, but what does that actually mean? And what is necessary to pass?
CMMC News – July 2, 2021
CMMC News rollup for July 2, 2021. Town hall recap. Industry Advisory Council review. C3PAO Stakeholder Forum, and other…
Is CMMC dead? Why the delays?
Concerns that CMMC is “dead” were recently buoyed by DoD spokespeople no longer participating in…
C3PAO Authorization Levels Explained
The first CMMC Assessment Organization is “Approved!” But what does that mean, and why is that different from the rest of the C3PAOs?
CMMC News – May 30, 2021
Current status of CMMC such as the schedule for CMMC scoping guidance, DFARS final rule. The Space Force contract that requires CMMC Level 3…
CMMC News – April 24, 2021
CMMC news about inheriting cybersecurity from cloud providers, C3PAOs moved to “candidate” status, the next Town Hall meeting, the DFARS Final Rule coming out in May…
CMMC News – March 22, 2021
Hello all, here is the news from the last few weeks. Not a whole lot going on in public or officially, but it feels like we are getting close to some major milestones. CMMC Town Hall from February https://cmmcab.org/videos/cmmc-town-hall-february-2021/ According to last month’s CMMC Town Hall, the DoD is actively working on defining scope. OT Read More
DFARS 252.204-7012 – Part 1, CDI and Covered Info Systems
A guided review of DFARS 252.204-7012 covering the topics: What is a covered contractor information system? What is Covered Defense Information?
System Security Plan for 800-171 and CMMC
How to video and training on what a System Security Plan is, what it is used for, and what a high quality one looks like!
CMMC News – February 16, 2021
CMMC news for February 2021. The CMMC-AB Statement of Work is released. Status of reciprocity for FedRAMP and ISO 27001, CAICO upda…
CAICO and current state of CMMC training – Ben Tchoubineh (CMMC-AB)
This Q&A session with Ben Tchoubineh (CMMC-AB Chair, Training Committee) delves deeply into the CAICO and current state of CMMC training
CMMC Assessment Part 3 – Interview with Jeff Dalton
This is Part 3 of our CMMC Assessment series with Jeff Dalton (the lead trainer of the CMMC Provisional Assessors). Q&A about assessments!
CMMC-AB Jeff Dalton – the CMMC Assessment Process – Part 2
Second interview with Jeff Dalton (CMMC-AB) about the CMMC assessment process. Topics relevant to every defense contractor, non-technical.
CMMC practice deep dives: SC.1.175
This article is a deep-dive on CMMC practice SC.1.175 which requires control and monitoring of communications at external boundaries and…
CMMC News – January 23, 2021
The latest news about CMMC (January 2021). CISA offers free cybersecurity resources. Interviews about CMMC assessments and Q&A. Status of…
CMMC-AB Jeff Dalton – the CMMC Assessment Process – Part 1
Interview with Jeff Dalton (CMMC-AB) about CMMC assessments. Who is authorized to perform assessments? When should you do a pre-assessment? Can you fix issues found during an assessment?
CMMC News – January 5, 2021
CMMC news for January 5, 2021. C3PAOs need FedRAMP High clouds. Assessment Guides > Appendixes. Congress mandates CMMC assessments against…
Conversations from LinkedIn
This page is an index of LinkedIn discussions and posts about CMMC and 800-171. It will be updated over time with new topics.