This article is a deep-dive on CMMC practice SC.1.175 which requires control and monitoring of communications at external boundaries and…
Category: CMMC Technical Practices
CMMC Compliance FAQs – Organizations seeking certification
This article is provided by Kieri Solutions, an Authorized CMMC Third Party Assessment Organization, offering CMMC assessment services. Thanks to them for sharing some of the secret sauce! This article is meant to provide short explanations on topics that are Read More
CMMC Level 1 certification and preparation (how-to)
If you are reading this article, you are probably the owner of a small DoD contracting company. You’ve heard something about the CMMC (Cybersecurity Maturity Model Certification) either through your prime contractor or the SBA education office. You might be Read More
CMMC Capabilities Discussion Home
This page describes how to find the CMMC requirements, how to interpret them, and how to start preparing for an outside audit. It explains how to read the CMMC document and how your team or an auditor would check each Read More
Conversations from LinkedIn
This page is an index of LinkedIn discussions and posts about CMMC and 800-171. It will be updated over time with new topics.
CMMC-AB Regan Edens interview on DFARS, FedRAMP, and AB authority
This interview with Regan Edens (CMMC-AB Chairman of the Standards Management Committee) clarifies clouds and CMMC, FedRAMP, and DFARS questions for Organizations Seeking Certification (OSCs)
CMMC Level 3 Assessment Guide Webinar and Review
The CMMC Level 3 Assessment Guide is published! Video about how to read and use it. Critical review of the guide by Amira Armond.
CMMC Level 1 Assessment Guide and Review
Video explanation from the authors of the CMMC Level 1 Assessment Guide (CMU-SE), and review by CMMCaudit.org
CMMC RM.2.142 Scan for vulnerabilities in organizational systems
This article is an in-depth review of the CMMC Level 2 Requirement RM.2.142 on the topic of vulnerability scanning. I break out frequently asked questions and reference other requirements that are related to vulnerability scanning. This requirement also applies to current DFARS 252.204-7012 and NIST SP 800-171 organizations that hold CUI
Webinar on CMMC Level 1 by the Software Engineering Institute (CMU)
This webinar is a great resource for organizations no matter what CMMC level you expect to need. It is released by Carnegie Mellon University’s Software Engineering Institute. This is the organization that helped the DoD develop the original CMMC model. Read More
Where is the Easy Button for CMMC? Why MSPs may be the solution.
CMMC and DFARS compliance is too expensive for small businesses. This article describes “easy button” solutions such as a CMMC MSP, using …
Address 19 CMMC Practices with Cybersecurity Training
This article gives advice on how a quality cyber-awareness training program helps your organization meet 19+ CMMC practice requirements
CMMC ML.2.999 Developing an effective CMMC Policy
This webinar is published by Carnegie Mellon University’s Software Engineering Institute (SEI) – the co-authors of the CMMC Model. Their guidance about the CMMC should be considered authoritative. At CMMC level 2 and above, organizations are expected to have policies Read More
Introducing the CMMC Kill Chain – Zero to full compliance
Author: Tom Cornelius| Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF) Originally published on LinkedIn on October 19, 2020 The concept of creating a “CMMC Kill Chain” started off as a bit of a dare… kind Read More
CMMC Level 4 – Discussion on Process Maturity – ML.4.996
This video from Carnegie Mellon Software Engineering Institute (co-authors of the CMMC Model) discusses CMMC Level 4 Maturity. The specific topic is CMMC requirement ML.4.996 “Review and measure [DOMAIN NAME] activities for effectiveness” SEI Blog: https://insights.sei.cmu.edu/sei_blog/cybersecurity-maturity-model-certification-cmmc/
CMMC Glossary, Terms, and Definitions. Who’s who in CMMC
As the CMMC ecosystem grows, it is starting to get hard to track all the key players and concepts. This page is meant as an easy to understand “who’s who” and “what’s what” for the CMMC. This CMMC glossary of Read More
CMMC PS.2.127 Personnel Screening and US Citizen discussion
The CMMC version 1.0 has the following security requirement. CMMC Personnel Security (PS) PS.2.127 (Level 2) “Screen individuals prior to authorizing access to organizational systems containing CUI.” This is a Level 2 requirement. There are no level 3, 4, or Read More
CMMC Version 1.0 Released – Analysis for DoD contractors
As promised, the Cybersecurity Maturity Model Certification (CMMC) version 1.0 was released to the public on January 31, 2020. The document should be stable at this point. Cybersecurity leads for defense contractors need to read through it as soon as Read More
Remote Management & Access Tools for 800-171 and CMMC
A question came up today from a client that has a large remote workforce. “How can my help desk manage end user devices while staying compliant with 800-171 and CMMC?” For example, can we use remote access tools like LogMeIn Read More