Etactics

FEBRUARY 10, 2022

The CMMC Accreditation Body (AB) kicked off a new year of Town Hall events on January 25, 2022. Given the updated DoD guidance for CMMC 2.0, They turned over all responsibilities to the professional paid staff at the CMMC-AB. His primary goal as chairman is to stabilize CMMC-AB. But, the introduction of CMMC 2.0

52

52

Etactics

AUGUST 26, 2021

CMMC is the abbreviation for the Cybersecurity Maturity Model Certification. CMMC compliant” means the Accreditation Board (AB) has certified your organization. In other words, you’re allowed to bid on Department of Defense (DoD) contracts that have CMMC requirements listed. The CMMC-AB coordinates everything with PAs.

Quality Assurance 52

Quality Assurance Accountability 52

Etactics

MAY 26, 2022

April’s CMMC-AB Town Hall meeting was a big one. It included the Accreditation Body’s unofficial estimate for anticipated CMMC Rulemaking timeline. Voluntary Assessments This Summer CMMC-AB CEO Matthew Travis said that DoD is intent on getting the voluntary assessment program up and running this summer.

Regulations 52

Regulations 52

Etactics

AUGUST 3, 2021

Of course, what I’m referring to is the Cybersecurity Maturity Model Certification (CMMC). CMMC shook the ground for DoD contractors. If a current contractor with the DoD isn’t following the required safeguards, they will lose all of their existing business by the time CMMC comes into fruition. via National Defense Magazine.

Regulations 52

Regulations 52

Etactics

AUGUST 31, 2021

Table of Contents Individuals Performing Services (IPS) Training Registered Practitioner (RP) Training Registered Provider Organization (RPO) Training Certified Third-Party Assessor Organization (C3PAO) Training CMMC Professionals (CCPs) and CMMC Assessors (CCAs) CMMC Provisional Assessor Training Conclusion.

52

52

Etactics

NOVEMBER 9, 2021

On November 4, 2021, the Acquisition and Sustainment Office of the Under Secretary of Defense (OUSD A&S) announced a new strategic direction for the Cybersecurity Maturity Model Certification (CMMC) framework. The launch of CMMC 2.0 These changes will have far-reaching implications throughout the CMMC ecosystem. The CMMC V1.02

52

52

Etactics

NOVEMBER 1, 2022

Scoping is often overlooked when preparing for a cybersecurity maturity model certification (CMMC). The purpose of this blog is to provide a resource that documents how to tailor the 320 objectives within NIST SP 800-171A to the CMMC scope. Image Source: CMMC Self-Assessment Scope Level 2. The relevance of scoping for level 2.

Regulations 52

Regulations 52

Etactics

MARCH 25, 2022

Written policies document nearly one-third of the 320 assessment objectives within CMMC. In fact, there are 281 results if you search for “policy” or “policies” in the CMMC Assessment Guide - Level 2. CMMC Guidance on Policies. CMMC Version 1 had specific requirements for each domain policy. CMMC Version 2.0

Regulations 52

Regulations Integration 52

Etactics

DECEMBER 9, 2021

Table of Contents Town Hall Overview Credits for Exam Vouchers C3PAO Assessment Vouchers Renewals On Proposed Changes in CMMC 2.0 Concerns of CMMC 2.0 Benefits of CMMC 2.0 Town Hall Overview On November 30, 2021, the CMMC-AB held a scheduled Town Hall meeting to update the CMMC Ecosystem and defense industrial base (DIB).

Accountability 52

Accountability Integration 52

Etactics

OCTOBER 29, 2021

The CMMC-AB held two Town Hall events in October to address a backlog of questions from the ecosystem. They provided much-needed insight into the current CMMC assessment process ongoing with C3PAOs. The CMMC-AB also did a better job during this second Town Hall answering questions as they arose in the Q & A Dialog box.

Prevention 52

Prevention 52

Etactics

AUGUST 10, 2021

Of course, what I’m referring to is the upcoming enforcement of the Cybersecurity Maturity Model Certification (CMMC). If you have any existing contracts with the DoD, you’ve probably heard the acronym “CMMC” whispered throughout your office, fueled by a general sense of fear. With that, let’s go over CMMC Level 3 Requirements.

Regulations 52

Regulations 52

Etactics

AUGUST 5, 2021

When we think of organizations seeking certification (OSCs) sitting down to look at the requirements proposed in the Cybersecurity Maturity Model Certification (CMMC), there are two types of reactions. Understand The Length of The Journey The CMMC Level 3 Assessment Guide is 430 pages long. First, it’s not knowing where to start.

Regulations 52

Regulations 52

Etactics

AUGUST 12, 2021

Table of Contents Understanding CMMC When is it too late to remediate? What are my options if I fail the CMMC assessment? What if my supply chain fails CMMC certification? If your product isn’t modified from a commercially available version, you may not need CMMC certification. What does success look like? Conclusion.

Quality Assurance 52

Quality Assurance Accountability Prevention 52

Etactics

JULY 27, 2021

Enter CMMC, stage left. The Cybersecurity Maturity Model Certification (CMMC) is the result of a push by the Department of Defense (DoD) to protect the confidential information that its contractors deal with daily. The first version of CMMC came out in January 2020 and it affects all DoD contractors and their entire supply chain.

Integration 52

Integration Regulations Accountability 52

Etactics

JULY 12, 2022

The Cybersecurity Maturity Model Certification (CMMC) requirement for organizations working in the defense industrial base (DIB) is no different. via CMMC Level 2 Assessment Guide. Table of Contents CMMC Level 1 Training Requirements AC.L1-3.1.20 Table of Contents CMMC Level 1 Training Requirements AC.L1-3.1.20

Accountability 52

Accountability Integration 52

Etactics

NOVEMBER 11, 2021

Town Town Hall Overview On November 9, 2021, the CMMC-AB held an impromptu Town Hall meeting to discuss the release of CMMC 2.0. With the changes announced in the release of CMMC 2.0, there was a lot of interest in what the CMMC-AB would say in this event. Before drafting CMMC 2.0, The CMMC 2.0

Accountability 52

Accountability 52

Etactics

NOVEMBER 11, 2021

Town Town Hall Overview On November 9, 2021, the CMMC-AB held an impromptu Town Hall meeting to discuss the release of CMMC 2.0. With the changes announced in the release of CMMC 2.0, there was a lot of interest in what the CMMC-AB would say in this event. Before drafting CMMC 2.0, The CMMC 2.0

Accountability 52

Accountability 52

Etactics

OCTOBER 5, 2021

CMMC stands for the Cybersecurity Maturity Model Certification. The first, and most important, absolute is that the Department of Defense is the governing body that’s mandating CMMC. The DoD plans on enforcing it from now until 2025, steadily increasing the number of contracts that contain CMMC as a requirement.

Regulations 52

Regulations Process improvement 52

Etactics

AUGUST 19, 2021

Table of Contents Safeguarding Sensitive Information Current Legal Obligations Upcoming Cybersecurity Maturity Model Certification (CMMC) Understanding CMMC Levels and Assessments The Benefits of Using a Network Enclave Start Preparing Now. Even after rule-making, the CMMC roll-out approach will be a crawl, walk, run.

Regulations 52

Regulations 52

Etactics

SEPTEMBER 28, 2021

A CMMC Readiness Assessment is a review of objective evidence (OE). Table of Contents Who can perform a CMMC Readiness Assessment? CMMC Objective Evidence and Readiness Assessments Examine Interview & Test Conclusion. Who can perform a CMMC Readiness Assessment? You’re more than welcome to seek their business.

52

52

Etactics

APRIL 24, 2024

The proposed cybersecurity maturity model certification (CMMC) rule verifies SP 800-171. under CMMC 2.0. This practice applies to organizations seeking compliance within any level of CMMC. As of 12/22/23, CMMC 2.1 creates two numbers for this requirement: CMMC Level 1 uses the label AC.L1-B.1.I. CMMC section 170.21

Accountability 52

Accountability Integration Regulations Prevention 52

Etactics

MARCH 27, 2024

The Policies Importance of Compliance Training How does CUI relate to CMMC? A good example of this is through the Cybersecurity Maturity Model Certification (CMMC) program. How does CUI relate to CMMC? Did you know that the DoD is migrating to using only the CMMC framework? And how should one go about it?

Regulations 52

Regulations Integration 52

Etactics

NOVEMBER 28, 2023

They are anticipating a proposed rule for the Cybersecurity Maturity Model Certification (CMMC). CMMC may bring third-party assessment requirements to the NIST SP 800-171 standard. On November 17, they completed their review of supporting CMMC documents. On November 17, they completed their review of supporting CMMC documents.

Regulations 52

Regulations Accountability 52

Etactics

OCTOBER 14, 2022

Since late this summer, authorized CMMC 3rd Party Assessor Organizations (C3PAOs) have been working alongside the DIBCAC to conduct voluntary assessments. The assessment process has been following the existing process DIBCAC High Assurance assessments, not the recently released draft CMMC Assessment Process (CAP). Ecosystem Updates.

Accountability 52

Accountability Regulations Prevention 52

Etactics

FEBRUARY 1, 2022

Is the Scope the Same for CMMC Level 2? Is the Scope the Same for CMMC Level 2? In December 2021, DoD released the CMMC Assessment Scope Level 2 guide. Under CMMC 2.0, These are the primary assets assessed in CMMC as well but there is one slight change we’ll make to the definition of Special Protection Assets.

Accountability 52

Accountability Integration 52

Etactics

AUGUST 9, 2022

During the event came the release of the much anticipated CMMC Assessment Process (CAP). draft of the CMMC Assessment Process published, the Cyber AB and accredited CMMC 3rd Party Assessment Organizations (C3PAOs) are moving forward with the voluntary assessment program The CyberAB coined the phrase "Joint Surveillance" during the townhall.

Regulations 52

Regulations 52

Etactics

SEPTEMBER 21, 2023

The Cybersecurity Maturity Model Certification (CMMC) will introduce third-party verification of cybersecurity requirements. A few years ago, a blog summarized the requirements for CMMC-focused GRC applications. Here is an awesome open-source CMMC applicability matrix. Let’s take requirement 3.5.3 CMMCGRCToolset_5_923.png

Accountability 52

Accountability Prevention 52

Etactics

AUGUST 4, 2022

The CMMC Assessment Process (CAP) provides the procedures and guidance for CMMC Third-Party Assessment Organizations (C3PAOs) conducting official CMMC Level 2 Assessments of organizations seeking certification (OSCs). Lead Assessor : A CMMC Certified Assessor (CCA) who oversees the Assessment Team.

Quality Assurance 52

Quality Assurance Quality Review Accountability Integration 52

Etactics

JANUARY 4, 2022

Of course, what I’m referring to is the Cybersecurity Maturity Model Certification (CMMC). Maybe you’re already familiar with the acronym and heard that the DoD recently pushed out the massive update, CMMC 2.0. If the DoD hasn’t finalized CMMC yet, is it even worth putting energy towards figuring it out right now? The CMMC 2.0

Integration 52

Integration Regulations Accountability 52

Etactics

OCTOBER 14, 2021

There were a lot of unanswered questions during the September 2021 CMMC Accreditation Board (CMMC-AB) Town Hall. The topics discussed added to the number of questions that the ecosystem had for the CMMC-AB this meeting. But the CMMC-AB only answered one of the questions that we planned on covering during the Q&A Town Hall.

Prevention 52

Prevention Accountability 52

Etactics

APRIL 12, 2022

This month’s CMMC-AB Town Hall included a special guest from the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). He used his time to address a litany of questions that have lingered since the announcement of CMMC 2.0. Together they became the seventh and eighth authorized C3PAOs in the CMMC-AB Marketplace.

52

52

Etactics

AUGUST 22, 2023

In this blog, we look at two of their well known special publications (SP) and discuss: How to derive CMMC Strategies from the RMF NIST SP 800-53 Explained NIST SP 800-171 Explained Conclusion How to derive CMMC Strategies from the RMF This blog will explain the role SP 800-53 plays within the Risk Management Framework (RMF).

Integration 52

Integration Accountability 52

Etactics

JANUARY 18, 2022

Changing of The Guard December’s CMMC-AB Town Hall event ushered in a changing of the guard within the accreditation body's board of directors. Mr. Johnson was the first Chairman elected at the CMMC-AB in January 2021. via CMMC-AB. via CMMC Level 2 Scoping Guide. It categorizes assets into five groups.

Regulations 52

Regulations Prevention 52

Etactics

MAY 12, 2022

The SSP will exist as a roadmap moving forward, especially with upcoming CMMC rulemaking. with CMMC 2.0. Let’s start with the specific requirements for an SSP within CMMC and we’ll use NIST SP 800-18 for additional guidance: via CMMC Assessment Guide - Level 2. (A) via CMMC Assessment Scope Level 2. (C)

52

52

Etactics

JULY 19, 2022

Now that we’ve reviewed the training requirements under the CMMC Level 1 practices, let’s discuss those found in Level 2. It’s important to remember that the CMMC Levels are cumulative. All employees should take the CMMC Level 1 training but that may not be the case for CMMC Level 2. Table of Contents AC.L2-3.1.21

Accountability 72

Accountability 72

Etactics

OCTOBER 28, 2021

As organizations prepare for CMMC, the first question they need to answer is what controlled unclassified information (CUI) they have. This will determine the scope of information systems that process, store, or transmit CUI. In an ideal world, the government marks all CUI when it flows to contractors. Further reading of 5200.01

Regulations 52

Regulations Prevention 52

Etactics

SEPTEMBER 9, 2021

If an OSC wants to get assessed now, they must first contact the CMMC-AB. They then need to show that they’re bidding on a contract that contains CMMC requirements. The CMMC-AB hasn’t certified any assessors. There are currently 106 provisional assessors listed in the CMMC marketplace. Can you speak to this, please?

Regulations 52

Regulations 52