Health Care Quality Digest

CMMC Level 1 Continuous Monitoring: Everything You Need to Know

Etactics

APRIL 11, 2024

This blog discusses strategies for monitoring the effectiveness of security requirements. Control assessments are infrequent, often occurring only once per year. Continuous monitoring activities can provide better awareness of threats, vulnerabilities, and control effectiveness. i(a) identifying authorized users AC.L1-b.1.i(b)

Accountability

Implementing 3.1.1 from NIST SP 800-171 Rev 2: Everything You Need to Know

Etactics

APRIL 24, 2024

The following blog explores in detail the first security requirement 3.1.1 The proposed cybersecurity maturity model certification (CMMC) rule verifies SP 800-171. under CMMC 2.0. This practice applies to organizations seeking compliance within any level of CMMC. As of 12/22/23, CMMC 2.1 1.001 then AC.L1-3.1.1

Accountability

Accountability Integration Regulations Prevention

CMMC Data Flow Diagrams: An Ultimate Guide

Etactics

MARCH 19, 2024

The Cybersecurity Maturity Model Certification (CMMC) program protects federal information from unauthorized disclosure. Level 1 is for organizations that handle Federal Contract Information (FCI). Level 2 adds additional safeguarding requirements for protecting Controlled Unclassified Information (CUI).

[ANSWERED] What is CMMC 2.0?

Etactics

JUNE 27, 2023

If you work within the Defense Industrial Base (DIB), you’ve likely heard rumblings surrounding “CMMC”. Well, let’s start by defining that CMMC stands for the Cybersecurity Maturity Model Certification. CMMC is an assessment standard designed to ensure that defense contractors comply with current cybersecurity requirements.

Accountability

Accountability Integration

An Explanation of All 17 Required CMMC Level 1 Controls

Etactics

JULY 27, 2021

McAfee estimates that cybercrime costs more than 1% of the entire world’s GDP. To put that in numbers, that’s over $1 trillion. Enter CMMC, stage left. The first version of CMMC came out in January 2020 and it affects all DoD contractors and their entire supply chain.

Integration

Integration Regulations Accountability

The Ultimate CMMC Scoping Guide: A Matrix for Every Level

Etactics

NOVEMBER 1, 2022

Scoping is often overlooked when preparing for a cybersecurity maturity model certification (CMMC). The purpose of this blog is to provide a resource that documents how to tailor the 320 objectives within NIST SP 800-171A to the CMMC scope. Image Source: CMMC Self-Assessment Scope Level 2. Table of Contents.

Regulations

All CMMC Version 2.0 Changes and Their Impact

Etactics

NOVEMBER 9, 2021

On November 4, 2021, the Acquisition and Sustainment Office of the Under Secretary of Defense (OUSD A&S) announced a new strategic direction for the Cybersecurity Maturity Model Certification (CMMC) framework. The launch of CMMC 2.0 These changes will have far-reaching implications throughout the CMMC ecosystem.

CMMC-AB May Town Hall: Key Takeaways

Etactics

JUNE 28, 2022

May’s CMMC-AB Town Hall marked the end of an era. There will be no more CMMC-AB Town Halls discussing what the accreditation body is doing to prepare the ecosystem of consultants, educators and assessors for the upcoming final CMMC rule. That’s because, in May’s Town Hall, the CMMC-AB announced their rebranding to The Cyber AB.

Integration

CMMC Level 1 Compliant Awareness Training: AC, MP, PE

Etactics

JULY 12, 2022

The Cybersecurity Maturity Model Certification (CMMC) requirement for organizations working in the defense industrial base (DIB) is no different. There will be a third level for integrators and organizations dealing with what DoD has deemed to be the most critical CUI but they have not published the requirements for this level yet.

Accountability

Accountability Integration

An In-Depth Look Into CMMC Level 3 Requirements

Etactics

AUGUST 10, 2021

The defense contractor also landed a 60-year deal for the F-35 Joint Strike Fighter jet, valued at an estimated $1 trillion back in 2019. Of course, what I’m referring to is the upcoming enforcement of the Cybersecurity Maturity Model Certification (CMMC). Maybe that’s what ultimately led you to this blog post. via CMMC-AB.

Regulations

What CMMC Stands For and Why You Need Know It

Etactics

OCTOBER 5, 2021

CMMC stands for the Cybersecurity Maturity Model Certification. The first, and most important, absolute is that the Department of Defense is the governing body that’s mandating CMMC. The DoD plans on enforcing it from now until 2025, steadily increasing the number of contracts that contain CMMC as a requirement.

Regulations

Regulations Process improvement

The Go-To CMMC Policy Templates According to NIST

Etactics

MARCH 25, 2022

Written policies document nearly one-third of the 320 assessment objectives within CMMC. In fact, there are 281 results if you search for “policy” or “policies” in the CMMC Assessment Guide - Level 2. Policy frameworks start with high-level, organizational policies overseeing issue-specific and system-specific policies.

Regulations

Regulations Integration

CMMC-AB November 30 Town Hall: Key Takeaways and Unanswered Questions

Etactics

DECEMBER 9, 2021

Table of Contents Town Hall Overview Credits for Exam Vouchers C3PAO Assessment Vouchers Renewals On Proposed Changes in CMMC 2.0 Concerns of CMMC 2.0 Benefits of CMMC 2.0 Town Hall Overview On November 30, 2021, the CMMC-AB held a scheduled Town Hall meeting to update the CMMC Ecosystem and defense industrial base (DIB).

Accountability

Accountability Integration

CMMC Training: Everything You Need to Know

Etactics

AUGUST 31, 2021

Table of Contents Individuals Performing Services (IPS) Training Registered Practitioner (RP) Training Registered Provider Organization (RPO) Training Certified Third-Party Assessor Organization (C3PAO) Training CMMC Professionals (CCPs) and CMMC Assessors (CCAs) CMMC Provisional Assessor Training Conclusion.

CMMC Certification Cost: An Accurate Assessment

Etactics

AUGUST 3, 2021

A large majority of those organizations that contract with the government work with controlled unclassified information (CUI). Of course, what I’m referring to is the Cybersecurity Maturity Model Certification (CMMC). CMMC shook the ground for DoD contractors. via National Defense Magazine.

Regulations

NIST SP 800-171 vs 800-53: Everything You Need to Know

Etactics

AUGUST 22, 2023

In this blog, we look at two of their well known special publications (SP) and discuss: How to derive CMMC Strategies from the RMF NIST SP 800-53 Explained NIST SP 800-171 Explained Conclusion How to derive CMMC Strategies from the RMF This blog will explain the role SP 800-53 plays within the Risk Management Framework (RMF).

Integration

Integration Accountability

The Ultimate Guide to CMMC Level 2 Requirements

Etactics

JANUARY 4, 2022

Of course, what I’m referring to is the Cybersecurity Maturity Model Certification (CMMC). Maybe you’re already familiar with the acronym and heard that the DoD recently pushed out the massive update, CMMC 2.0. If the DoD hasn’t finalized CMMC yet, is it even worth putting energy towards figuring it out right now? The CMMC 2.0

Integration

Integration Regulations Accountability

CMMC-AB September Town Hall: 12 Unanswered Questions and Key Takeaways

Etactics

OCTOBER 14, 2021

There were a lot of unanswered questions during the September 2021 CMMC Accreditation Board (CMMC-AB) Town Hall. The topics discussed added to the number of questions that the ecosystem had for the CMMC-AB this meeting. But the CMMC-AB only answered one of the questions that we planned on covering during the Q&A Town Hall.

Prevention

Prevention Accountability

CMMC-AB December Town Hall: Key Takeaways

Etactics

JANUARY 18, 2022

Table of Contents Changing of The Guard Documentation Scoping Guide Controlled Unclassified Information (CUI) Assets Security Protection Assets Contractor Risk Management Assets (CRMA) Specialized Assets Other Scoping Guide Issues Q&A Session Conclusion. Johnson was the first Chairman elected at the CMMC-AB in January 2021.

Regulations

Regulations Prevention

CMMC SSP: What It Is and Why You Need One

Etactics

MAY 12, 2022

DoD, GSA, and NASA require all contractors and supply chain partners that handle controlled unclassified information (CUI) to implement the security safeguards defined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. Control 3.12.4 via NIST SP 800-171 Rev 1 December 2016.

20 CMMC Updates From The CMMC-AB's CEO, Matthew Travis

Etactics

OCTOBER 12, 2021

It’s been over a year since the initial announcement of the upcoming Cybersecurity Maturity Model Certification (CMMC) implementation plan. Since then, thousands of blog posts and videos on the topic now exist (some of which came from us). He was on campus as the keynote speaker for the 2021 CMMC Summit, hosted by Rea & Associates.

Regulations

Health Care Quality Digest

CMMC Level 1 Continuous Monitoring: Everything You Need to Know

Implementing 3.1.1 from NIST SP 800-171 Rev 2: Everything You Need to Know

Trending Sources

CMMC Data Flow Diagrams: An Ultimate Guide

[ANSWERED] What is CMMC 2.0?

An Explanation of All 17 Required CMMC Level 1 Controls

The Ultimate CMMC Scoping Guide: A Matrix for Every Level

All CMMC Version 2.0 Changes and Their Impact

CMMC-AB May Town Hall: Key Takeaways

CMMC Level 1 Compliant Awareness Training: AC, MP, PE

An In-Depth Look Into CMMC Level 3 Requirements

What CMMC Stands For and Why You Need Know It

The Go-To CMMC Policy Templates According to NIST

CMMC-AB November 30 Town Hall: Key Takeaways and Unanswered Questions

CMMC Training: Everything You Need to Know

CMMC Certification Cost: An Accurate Assessment

NIST SP 800-171 vs 800-53: Everything You Need to Know

The Ultimate Guide to CMMC Level 2 Requirements

CMMC-AB September Town Hall: 12 Unanswered Questions and Key Takeaways

CMMC-AB December Town Hall: Key Takeaways

CMMC SSP: What It Is and Why You Need One

20 CMMC Updates From The CMMC-AB's CEO, Matthew Travis

Stay Connected