An overview of how we return (well, we never left) to the baseline requirements of NIST-SP-800-171.
An Introduction to the CMMC 1.0 model (defunct)
Make sure you have some basics in place before paying for any CMMC assessments. Use this list of questions to guide your journey.
CMMC takes reading. Compliance takes reading. Learning takes reading. My list of the top must reads from NIST.
Salazar's Testimony to Congress
CMMC by the numbers. Forget 110, Delta 20, or even the 320 assessment objectives of 171a. Start thinking CMMC by the numbers (defunct...back to 171 and 320 objectives from 171a).
A starting place for companies who may not have much of a hygiene program in place.
Do you even know if your company will need to comply with the Cybersecurity Maturity Model Certification Program?
Universities need to deal with 171 on multiple fronts. Policy, open government laws, and shared governance may all combine to make change hard.
A brief timeline of events that brought us back to 2017.
Authorities, Organizations, and People in the CMMC ecosystem.
An overview of Controlled Unclassified Information utilizing ISOO training videos.
A quick reference defining all things CUI.
A quick reference to all practices and processes that explicitly mention CUI.
An early discussion of IT providers. New scoping Guidance is out.
Taking an inventory of who's in charge.
The systems and rules set up to ensure a trustworthy ecosystem.
The Assessment Guide provides a discussion section. Learn the role and how to use it.
The plan DIBCAC laid out to assess C3PAOs under CMMC 1.0
A guesstimation of a CMMC assessment timeframe using DIBCAC's C3PAO assessments as a guide.
An early discussion on the shared responsibility matrix. Importance has grown with new scoping guidance.
How a Certified CMMC Professional will work with organizations seeking certification.