Health Care Quality Digest

Implementing 3.1.1 from NIST SP 800-171 Rev 2: Everything You Need to Know

Etactics

APRIL 24, 2024

The following blog explores in detail the first security requirement 3.1.1 The proposed cybersecurity maturity model certification (CMMC) rule verifies SP 800-171. under CMMC 2.0. This practice applies to organizations seeking compliance within any level of CMMC. As of 12/22/23, CMMC 2.1 1.001 then AC.L1-3.1.1

Accountability

Accountability Integration Regulations Prevention

CMMC Data Flow Diagrams: An Ultimate Guide

Etactics

MARCH 19, 2024

The Cybersecurity Maturity Model Certification (CMMC) program protects federal information from unauthorized disclosure. Level 1 is for organizations that handle Federal Contract Information (FCI). Level 2 adds additional safeguarding requirements for protecting Controlled Unclassified Information (CUI).

CMMC Level 1 Continuous Monitoring: Everything You Need to Know

Etactics

APRIL 11, 2024

This blog discusses strategies for monitoring the effectiveness of security requirements. AC-2 within NIST SP 800-53 states that authorization should occur before granting access. Documenting briefings establishes evidence for the following CMMC Level 1 objectives: AC.L1-b.1.i(a) i(a) identifying authorized users AC.L1-b.1.i(b)

Accountability

[ANSWERED] What is CMMC 2.0?

Etactics

JUNE 27, 2023

If you work within the Defense Industrial Base (DIB), you’ve likely heard rumblings surrounding “CMMC”. Well, let’s start by defining that CMMC stands for the Cybersecurity Maturity Model Certification. CMMC is an assessment standard designed to ensure that defense contractors comply with current cybersecurity requirements.

Accountability

Accountability Integration

CMMC-AB May Town Hall: Key Takeaways

Etactics

JUNE 28, 2022

May’s CMMC-AB Town Hall marked the end of an era. There will be no more CMMC-AB Town Halls discussing what the accreditation body is doing to prepare the ecosystem of consultants, educators and assessors for the upcoming final CMMC rule. That’s because, in May’s Town Hall, the CMMC-AB announced their rebranding to The Cyber AB.

Integration

All CMMC Version 2.0 Changes and Their Impact

Etactics

NOVEMBER 9, 2021

On November 4, 2021, the Acquisition and Sustainment Office of the Under Secretary of Defense (OUSD A&S) announced a new strategic direction for the Cybersecurity Maturity Model Certification (CMMC) framework. The launch of CMMC 2.0 These changes will have far-reaching implications throughout the CMMC ecosystem.

The Ultimate CMMC Scoping Guide: A Matrix for Every Level

Etactics

NOVEMBER 1, 2022

Scoping is often overlooked when preparing for a cybersecurity maturity model certification (CMMC). The purpose of this blog is to provide a resource that documents how to tailor the 320 objectives within NIST SP 800-171A to the CMMC scope. Image Source: CMMC Self-Assessment Scope Level 2. Table of Contents.

Regulations

An In-Depth Look Into CMMC Level 3 Requirements

Etactics

AUGUST 10, 2021

Of course, what I’m referring to is the upcoming enforcement of the Cybersecurity Maturity Model Certification (CMMC). If you have any existing contracts with the DoD, you’ve probably heard the acronym “CMMC” whispered throughout your office, fueled by a general sense of fear. Maybe that’s what ultimately led you to this blog post.

Regulations

CMMC-AB November 30 Town Hall: Key Takeaways and Unanswered Questions

Etactics

DECEMBER 9, 2021

Table of Contents Town Hall Overview Credits for Exam Vouchers C3PAO Assessment Vouchers Renewals On Proposed Changes in CMMC 2.0 Concerns of CMMC 2.0 Benefits of CMMC 2.0 Town Hall Overview On November 30, 2021, the CMMC-AB held a scheduled Town Hall meeting to update the CMMC Ecosystem and defense industrial base (DIB).

Accountability

Accountability Integration

What CMMC Stands For and Why You Need Know It

Etactics

OCTOBER 5, 2021

CMMC stands for the Cybersecurity Maturity Model Certification. The first, and most important, absolute is that the Department of Defense is the governing body that’s mandating CMMC. The DoD plans on enforcing it from now until 2025, steadily increasing the number of contracts that contain CMMC as a requirement.

Regulations

Regulations Process improvement

CMMC Training: Everything You Need to Know

Etactics

AUGUST 31, 2021

Table of Contents Individuals Performing Services (IPS) Training Registered Practitioner (RP) Training Registered Provider Organization (RPO) Training Certified Third-Party Assessor Organization (C3PAO) Training CMMC Professionals (CCPs) and CMMC Assessors (CCAs) CMMC Provisional Assessor Training Conclusion.

An Explanation of All 17 Required CMMC Level 1 Controls

Etactics

JULY 27, 2021

Enter CMMC, stage left. The Cybersecurity Maturity Model Certification (CMMC) is the result of a push by the Department of Defense (DoD) to protect the confidential information that its contractors deal with daily. The first version of CMMC came out in January 2020 and it affects all DoD contractors and their entire supply chain.

Integration

Integration Regulations Accountability

CMMC Level 1 Compliant Awareness Training: AC, MP, PE

Etactics

JULY 12, 2022

The Cybersecurity Maturity Model Certification (CMMC) requirement for organizations working in the defense industrial base (DIB) is no different. There will be a third level for integrators and organizations dealing with what DoD has deemed to be the most critical CUI but they have not published the requirements for this level yet.

Accountability

Accountability Integration

The Go-To CMMC Policy Templates According to NIST

Etactics

MARCH 25, 2022

Written policies document nearly one-third of the 320 assessment objectives within CMMC. In fact, there are 281 results if you search for “policy” or “policies” in the CMMC Assessment Guide - Level 2. Policy frameworks start with high-level, organizational policies overseeing issue-specific and system-specific policies.

Regulations

Regulations Integration

CMMC Certification Cost: An Accurate Assessment

Etactics

AUGUST 3, 2021

Of course, what I’m referring to is the Cybersecurity Maturity Model Certification (CMMC). CMMC shook the ground for DoD contractors. If a current contractor with the DoD isn’t following the required safeguards, they will lose all of their existing business by the time CMMC comes into fruition. via National Defense Magazine.

Regulations

What is CMMC Compliance: An Authorized C3PAO Perspective

Etactics

NOVEMBER 22, 2022

At the time of writing this blog, there are currently 29 CMMC 3rd Party Assessor Organizations (C3PAOs) listed in The Cyber AB Marketplace. They started by providing SOC 2 services as a Certified Public Accounting firm. The CMMC Compliance Journey. Kompleye’s decision to pursue CMMC accreditation had two driving factors.

Accountability

NIST SP 800-171 vs 800-53: Everything You Need to Know

Etactics

AUGUST 22, 2023

In this blog, we look at two of their well known special publications (SP) and discuss: How to derive CMMC Strategies from the RMF NIST SP 800-53 Explained NIST SP 800-171 Explained Conclusion How to derive CMMC Strategies from the RMF This blog will explain the role SP 800-53 plays within the Risk Management Framework (RMF).

Integration

Integration Accountability

CMMC Level 2 Compliant Awareness Training Program Blog

Etactics

JULY 19, 2022

Now that we’ve reviewed the training requirements under the CMMC Level 1 practices, let’s discuss those found in Level 2. It’s important to remember that the CMMC Levels are cumulative. Organizations handling CUI will need to perform these practices in addition to those we already discussed for Level 1.

Accountability

The Ultimate Guide to CMMC Level 2 Requirements

Etactics

JANUARY 4, 2022

Of course, what I’m referring to is the Cybersecurity Maturity Model Certification (CMMC). Maybe you’re already familiar with the acronym and heard that the DoD recently pushed out the massive update, CMMC 2.0. If the DoD hasn’t finalized CMMC yet, is it even worth putting energy towards figuring it out right now? The CMMC 2.0

Integration

Integration Regulations Accountability

CMMC GRC Toolset Essentials: A Closer Look

Etactics

SEPTEMBER 21, 2023

The Cybersecurity Maturity Model Certification (CMMC) will introduce third-party verification of cybersecurity requirements. A few years ago, a blog summarized the requirements for CMMC-focused GRC applications. Assessment Objective Level Special Publication (SP) 800-171 contains 110 security requirements.

Accountability

Accountability Prevention

CMMC-AB September Town Hall: 12 Unanswered Questions and Key Takeaways

Etactics

OCTOBER 14, 2021

There were a lot of unanswered questions during the September 2021 CMMC Accreditation Board (CMMC-AB) Town Hall. The topics discussed added to the number of questions that the ecosystem had for the CMMC-AB this meeting. But the CMMC-AB only answered one of the questions that we planned on covering during the Q&A Town Hall.

Prevention

Prevention Accountability

CMMC-AB December Town Hall: Key Takeaways

Etactics

JANUARY 18, 2022

Changing of The Guard December’s CMMC-AB Town Hall event ushered in a changing of the guard within the accreditation body's board of directors. Mr. Johnson was the first Chairman elected at the CMMC-AB in January 2021. Scoping Guide Matthew Travis briefly walked through the Level 2 Scoping Guidance document. via CMMC-AB.

Regulations

Regulations Prevention

CMMC SSP: What It Is and Why You Need One

Etactics

MAY 12, 2022

The purpose of this blog is to: Explain why you need to have an SSP Identify necessary components Review formatting considerations Discuss Plans of Action & Milestones (POA&M) Explore Automation for SSP Generation. The SSP will exist as a roadmap moving forward, especially with upcoming CMMC rulemaking. with CMMC 2.0.

20 CMMC Updates From The CMMC-AB's CEO, Matthew Travis

Etactics

OCTOBER 12, 2021

It’s been over a year since the initial announcement of the upcoming Cybersecurity Maturity Model Certification (CMMC) implementation plan. Since then, thousands of blog posts and videos on the topic now exist (some of which came from us). He was on campus as the keynote speaker for the 2021 CMMC Summit, hosted by Rea & Associates.

Regulations

Health Care Quality Digest

Implementing 3.1.1 from NIST SP 800-171 Rev 2: Everything You Need to Know

CMMC Data Flow Diagrams: An Ultimate Guide

Trending Sources

CMMC Level 1 Continuous Monitoring: Everything You Need to Know

[ANSWERED] What is CMMC 2.0?

CMMC-AB May Town Hall: Key Takeaways

All CMMC Version 2.0 Changes and Their Impact

The Ultimate CMMC Scoping Guide: A Matrix for Every Level

An In-Depth Look Into CMMC Level 3 Requirements

CMMC-AB November 30 Town Hall: Key Takeaways and Unanswered Questions

What CMMC Stands For and Why You Need Know It

CMMC Training: Everything You Need to Know

An Explanation of All 17 Required CMMC Level 1 Controls

CMMC Level 1 Compliant Awareness Training: AC, MP, PE

The Go-To CMMC Policy Templates According to NIST

CMMC Certification Cost: An Accurate Assessment

What is CMMC Compliance: An Authorized C3PAO Perspective

NIST SP 800-171 vs 800-53: Everything You Need to Know

CMMC Level 2 Compliant Awareness Training Program Blog

The Ultimate Guide to CMMC Level 2 Requirements

CMMC GRC Toolset Essentials: A Closer Look

CMMC-AB September Town Hall: 12 Unanswered Questions and Key Takeaways

CMMC-AB December Town Hall: Key Takeaways

CMMC SSP: What It Is and Why You Need One

20 CMMC Updates From The CMMC-AB's CEO, Matthew Travis

Stay Connected