Health Care Quality Digest

[ANSWERED] Who is Responsible for Protecting CUI?

Etactics

MARCH 27, 2024

Table of Contents What is CUI? The Policies Importance of Compliance Training How does CUI relate to CMMC? Conclusion What is CUI? First, let’s go over what exactly controlled unclassified information (CUI) is. IBM reports that in quarter 4 of 2023, we saw the exposure of nearly 8 million records worldwide.

Regulations

Regulations Integration

[ANSWERED] What is CMMC 2.0?

Etactics

JUNE 27, 2023

If you work within the Defense Industrial Base (DIB), you’ve likely heard rumblings surrounding “CMMC”. What does that even mean? Well, let’s start by defining that CMMC stands for the Cybersecurity Maturity Model Certification. At that point, CMMC will begin showing up in contracts. Yet, the current CMMC version is 2.0.

Accountability

Accountability Integration

Implementing 3.1.1 from NIST SP 800-171 Rev 2: Everything You Need to Know

Etactics

APRIL 24, 2024

The following blog explores in detail the first security requirement 3.1.1 The proposed cybersecurity maturity model certification (CMMC) rule verifies SP 800-171. under CMMC 2.0. This practice applies to organizations seeking compliance within any level of CMMC. As of 12/22/23, CMMC 2.1 1.001 then AC.L1-3.1.1

Accountability

Accountability Integration Regulations Prevention

CMMC Data Flow Diagrams: An Ultimate Guide

Etactics

MARCH 19, 2024

The Cybersecurity Maturity Model Certification (CMMC) program protects federal information from unauthorized disclosure. This blog focuses on how organizations define those boundaries. What is an authorization boundary? What is an authorization boundary? How do you define a CMMC Level 1 authorization boundary?

CMMC Level 1 Continuous Monitoring: Everything You Need to Know

Etactics

APRIL 11, 2024

This blog discusses strategies for monitoring the effectiveness of security requirements. Once developed, the following tasks help maintain the authorized account list: System Access Briefings Review of Account Access Review of Account Types Maintaining an authorized account list helps meet the following CMMC Level 1 objectives: AC.L1-b.1.i(a)

Accountability

CMMC-AB May Town Hall: Key Takeaways

Etactics

JUNE 28, 2022

May’s CMMC-AB Town Hall marked the end of an era. There will be no more CMMC-AB Town Halls discussing what the accreditation body is doing to prepare the ecosystem of consultants, educators and assessors for the upcoming final CMMC rule. 5 New CMMC 3rd Party Assessor Organizations received accreditation.

Integration

CMMC Certification Cost: An Accurate Assessment

Etactics

AUGUST 3, 2021

Although what I just wrote is good news, it’s also a logistical nightmare. I don’t think what I’m about to write is the case, but it seems like that statistic is almost directly targeting DoD contractors. One of the biggest reasons why I jokingly think that is because of what the DoD introduced on January 31, 2020.

Regulations

What is CMMC Compliance: An Authorized C3PAO Perspective

Etactics

NOVEMBER 22, 2022

At the time of writing this blog, there are currently 29 CMMC 3rd Party Assessor Organizations (C3PAOs) listed in The Cyber AB Marketplace. The CMMC Compliance Journey. Kompleye’s decision to pursue CMMC accreditation had two driving factors. It resembled the recently released draft CMMC Assessment Process (CAP).

Accountability

An Explanation of All 17 Required CMMC Level 1 Controls

Etactics

JULY 27, 2021

Enter CMMC, stage left. The Cybersecurity Maturity Model Certification (CMMC) is the result of a push by the Department of Defense (DoD) to protect the confidential information that its contractors deal with daily. The first version of CMMC came out in January 2020 and it affects all DoD contractors and their entire supply chain.

Integration

Integration Regulations Accountability

The Go-To CMMC Policy Templates According to NIST

Etactics

MARCH 25, 2022

Written policies document nearly one-third of the 320 assessment objectives within CMMC. In fact, there are 281 results if you search for “policy” or “policies” in the CMMC Assessment Guide - Level 2. CMMC Guidance on Policies. CMMC Version 1 had specific requirements for each domain policy. CMMC Version 2.0

Regulations

Regulations Integration

All CMMC Version 2.0 Changes and Their Impact

Etactics

NOVEMBER 9, 2021

On November 4, 2021, the Acquisition and Sustainment Office of the Under Secretary of Defense (OUSD A&S) announced a new strategic direction for the Cybersecurity Maturity Model Certification (CMMC) framework. The launch of CMMC 2.0 These changes will have far-reaching implications throughout the CMMC ecosystem. The CMMC V1.02

An In-Depth Look Into CMMC Level 3 Requirements

Etactics

AUGUST 10, 2021

What I just wrote may sound like it’s a bold statement. Of course, what I’m referring to is the upcoming enforcement of the Cybersecurity Maturity Model Certification (CMMC). Maybe that’s what ultimately led you to this blog post. Yet, Lockheed Martin made $50.7 billion in revenue from DoD contracts in 2017 alone.

Regulations

CMMC Level 1 Compliant Awareness Training: AC, MP, PE

Etactics

JULY 12, 2022

The Cybersecurity Maturity Model Certification (CMMC) requirement for organizations working in the defense industrial base (DIB) is no different. There will be a third level for integrators and organizations dealing with what DoD has deemed to be the most critical CUI but they have not published the requirements for this level yet.

Accountability

Accountability Integration

The Ultimate CMMC Scoping Guide: A Matrix for Every Level

Etactics

NOVEMBER 1, 2022

Scoping is often overlooked when preparing for a cybersecurity maturity model certification (CMMC). The purpose of this blog is to provide a resource that documents how to tailor the 320 objectives within NIST SP 800-171A to the CMMC scope. Image Source: CMMC Self-Assessment Scope Level 2. What isn’t FCI?

Regulations

CMMC-AB November 30 Town Hall: Key Takeaways and Unanswered Questions

Etactics

DECEMBER 9, 2021

Table of Contents Town Hall Overview Credits for Exam Vouchers C3PAO Assessment Vouchers Renewals On Proposed Changes in CMMC 2.0 Concerns of CMMC 2.0 Benefits of CMMC 2.0 Town Hall Overview On November 30, 2021, the CMMC-AB held a scheduled Town Hall meeting to update the CMMC Ecosystem and defense industrial base (DIB).

Accountability

Accountability Integration

Everything You Need to Know About CUI Designations

Etactics

OCTOBER 28, 2021

As organizations prepare for CMMC, the first question they need to answer is what controlled unclassified information (CUI) they have. Well, overstating CUI significantly increases the cost for compliance across more information systems. What should you do? Table of Contents What is CUI? What isn’t CUI?

Regulations

Regulations Prevention

The Ultimate Guide to CMMC Level 2 Requirements

Etactics

JANUARY 4, 2022

Of course, what I’m referring to is the Cybersecurity Maturity Model Certification (CMMC). Maybe you’re already familiar with the acronym and heard that the DoD recently pushed out the massive update, CMMC 2.0. Maybe you’re already familiar with the acronym and heard that the DoD recently pushed out the massive update, CMMC 2.0.

Integration

Integration Regulations Accountability

CMMC-AB September Town Hall: 12 Unanswered Questions and Key Takeaways

Etactics

OCTOBER 14, 2021

There were a lot of unanswered questions during the September 2021 CMMC Accreditation Board (CMMC-AB) Town Hall. The topics discussed added to the number of questions that the ecosystem had for the CMMC-AB this meeting. But the CMMC-AB only answered one of the questions that we planned on covering during the Q&A Town Hall.

Prevention

Prevention Accountability

CMMC SSP: What It Is and Why You Need One

Etactics

MAY 12, 2022

The purpose of this blog is to: Explain why you need to have an SSP Identify necessary components Review formatting considerations Discuss Plans of Action & Milestones (POA&M) Explore Automation for SSP Generation. There is interest, to have a better understanding of what controls are there to protect this information.

20 CMMC Updates From The CMMC-AB's CEO, Matthew Travis

Etactics

OCTOBER 12, 2021

It’s been over a year since the initial announcement of the upcoming Cybersecurity Maturity Model Certification (CMMC) implementation plan. Since then, thousands of blog posts and videos on the topic now exist (some of which came from us). He was on campus as the keynote speaker for the 2021 CMMC Summit, hosted by Rea & Associates.

Regulations

Health Care Quality Digest

[ANSWERED] Who is Responsible for Protecting CUI?

[ANSWERED] What is CMMC 2.0?

Trending Sources

Implementing 3.1.1 from NIST SP 800-171 Rev 2: Everything You Need to Know

CMMC Data Flow Diagrams: An Ultimate Guide

CMMC Level 1 Continuous Monitoring: Everything You Need to Know

CMMC-AB May Town Hall: Key Takeaways

CMMC Certification Cost: An Accurate Assessment

What is CMMC Compliance: An Authorized C3PAO Perspective

An Explanation of All 17 Required CMMC Level 1 Controls

The Go-To CMMC Policy Templates According to NIST

All CMMC Version 2.0 Changes and Their Impact

An In-Depth Look Into CMMC Level 3 Requirements

CMMC Level 1 Compliant Awareness Training: AC, MP, PE

The Ultimate CMMC Scoping Guide: A Matrix for Every Level

CMMC-AB November 30 Town Hall: Key Takeaways and Unanswered Questions

Everything You Need to Know About CUI Designations

The Ultimate Guide to CMMC Level 2 Requirements

CMMC-AB September Town Hall: 12 Unanswered Questions and Key Takeaways

CMMC SSP: What It Is and Why You Need One

20 CMMC Updates From The CMMC-AB's CEO, Matthew Travis

Stay Connected