If you are a Defense Contractor that handles Controlled Unclassified Information (CUI), this news is going to be very important for you. DFARS 252.204-7012 Interim Rule Yesterday, the DoD released an interim rule to the Defense Federal Acquisition Rules Supplement Read More
Category: Latest CMMC news
CMMC News Roundup September 28 2020
Hello all, Big news these last two weeks. In particular, the DFARS rule for CMMC abruptly changed course. It looked like it was delayed for months, but then (I think?) it got approved on an interim basis, to go into Read More
CMMC News Roundup September 9 2020
Hello folks, Here’s the latest CMMC news and articles you should check out! CMMC FAQ for Organizations Seeking Certification This easy FAQ article discusses frequently asked questions about implementing CMMC security. Things like “Can my employees use their home computers Read More
CMMC News Rollup – August 26, 2020
DFARS rule update for CMMC The acquisitions office has proposed an amendment to DFARS 252.204-7012, which is the contract rule that currently requires a high level of cybersecurity for the majority of Defense Contractors. The amendment is expected to replace Read More
When is a conformity assessment not a conformity assessment? (hint – it is CMMC)
Author: Tom Cornelius | Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF) Originally published on LinkedIn on August 13, 2020 This episode of Coffee Thoughts With Tom addresses CMMC as a conformity assessment, since conformity assessments are intended Read More
CMMC “allowable cost” discussion and thoughts
*Updated August 13, 2020* CMMC cybersecurity is an “allowable cost” for DoD contractors? “The required CMMC level will be contained in sections L & M of the Request for Proposals (RFP) making cybersecurity an “allowable cost” in DoD contracts.” “The Read More
What is FCI in CMMC and how does it affect scope?
The Cybersecurity Maturity Model Certification references “FCI”. What is this abbreviation? FCI in CMMC stands for “Federal Contract Information”. FCI is “Information not intended for public release. It is provided by or generated for the Government under a Read More
CMMC Provisional Auditor program opt-ins
On August 9th 2020, the CMMC Accreditation Body sent this email to me (and presumably others who registered for CMMC certified assessor). To opt-in, you must attest that you meet experience requirements: 10+ years experience conducting evidence-based assessments in cyber Read More
CMMC Rollout Status – Taking stock (July 31, 2020)
Editor’s note: This article gives a timely update on the laws and processes governing CMMC enforcement. To this point, there has not been an official requirement for CMMC in the Federal Acquisition Regulation (FAR) or Defense Federal Acquisition Regulation Supplement (DFARS). Read More
CMMC news round-up July 30, 2020
Here are the CMMC news topics this week: Registrations open for CMMC auditors, C3PAOs, and “registered” practitioners / organizations Registration has been open for a month and a week. Links and information about registration can be found at this CMMCaudit Read More
A Practitioner’s Thoughts On CMMC
Editor’s comments: This article is an excellent read if you have experience doing cyber-security compliance based on NIST SP 800-171 or DFARS 252.204-7012. If you don’t have prior experience on these topics, the article may not make much sense to Read More
CMMC news: CMMC AB opens registration for C3PAOs and Assessors
Hello all, The CMMC Accreditation Body has opened new pages on their website to give information about registering as a C3PAO (Certified Third Party Assessor Organization) and as an Assessor. They also have information about becoming a ‘registered practitioner’ or Read More
CMMC News – Auditor Training Update – May 22, 2020
These are my notes from the CMMC Accreditation Body webinar regarding Assessor / Auditor Training. Disclaimer: I’m not a member of the CMMC AB, I am just providing these notes as a service to the community. Please watch the webinar Read More
CMMC News – May 21 2020
The CMMC Accreditation Body (CMMC AB) has started to publish their progress via webinars on the cmmcab.org website. Here are my notes from the webinar I watched on 5/21/2020, published at https://www.cmmcab.org and archived on YouTube here. Ty Schieber is Read More
CMMC Version 1.0 Released – Analysis for DoD contractors
As promised, the Cybersecurity Maturity Model Certification (CMMC) version 1.0 was released to the public on January 31, 2020. The document should be stable at this point. Cybersecurity leads for defense contractors need to read through it as soon as Read More
Remote Management & Access Tools for 800-171 and CMMC
A question came up today from a client that has a large remote workforce. “How can my help desk manage end user devices while staying compliant with 800-171 and CMMC?” For example, can we use remote access tools like LogMeIn Read More