Health Care Quality Digest

CMMC Data Flow Diagrams: An Ultimate Guide

Etactics

MARCH 19, 2024

The Cybersecurity Maturity Model Certification (CMMC) program protects federal information from unauthorized disclosure. Organizations will either self-assess or undergo a third party assessment of security requirements. Level 1 is for organizations that handle Federal Contract Information (FCI).

Implementing 3.1.1 from NIST SP 800-171 Rev 2: Everything You Need to Know

Etactics

APRIL 24, 2024

NIST SP 800-171 prescribes 110 security requirements to protect the confidentiality of data. NIST SP 800-171A details 320 assessment procedures for these security requirements. The following blog explores in detail the first security requirement 3.1.1 under CMMC 2.0. As of 12/22/23, CMMC 2.1 1.001 then AC.L1-3.1.1

Accountability

Accountability Integration Regulations Prevention

CMMC Level 1 Continuous Monitoring: Everything You Need to Know

Etactics

APRIL 11, 2024

This blog discusses strategies for monitoring the effectiveness of security requirements. AC-2 within NIST SP 800-53 states that authorization should occur before granting access. Control assessments are infrequent, often occurring only once per year. Rather, these strategies supplement configurations of hardware and software.

Accountability

[ANSWERED] What is CMMC 2.0?

Etactics

JUNE 27, 2023

If you work within the Defense Industrial Base (DIB), you’ve likely heard rumblings surrounding “CMMC”. Well, let’s start by defining that CMMC stands for the Cybersecurity Maturity Model Certification. CMMC is an assessment standard designed to ensure that defense contractors comply with current cybersecurity requirements.

Accountability

Accountability Integration

CMMC GRC Toolset Essentials: A Closer Look

Etactics

SEPTEMBER 21, 2023

The Cybersecurity Maturity Model Certification (CMMC) will introduce third-party verification of cybersecurity requirements. A few years ago, a blog summarized the requirements for CMMC-focused GRC applications. Roll up each assessment objective to determine the security requirement compliance.

Accountability

Accountability Prevention

The Ultimate Guide to CMMC Level 2 Requirements

Etactics

JANUARY 4, 2022

Of course, what I’m referring to is the Cybersecurity Maturity Model Certification (CMMC). Maybe you’re already familiar with the acronym and heard that the DoD recently pushed out the massive update, CMMC 2.0. If the DoD hasn’t finalized CMMC yet, is it even worth putting energy towards figuring it out right now? The CMMC 2.0

Integration

Integration Regulations Accountability

All CMMC Version 2.0 Changes and Their Impact

Etactics

NOVEMBER 9, 2021

On November 4, 2021, the Acquisition and Sustainment Office of the Under Secretary of Defense (OUSD A&S) announced a new strategic direction for the Cybersecurity Maturity Model Certification (CMMC) framework. The launch of CMMC 2.0 These changes will have far-reaching implications throughout the CMMC ecosystem.

The Ultimate CMMC Scoping Guide: A Matrix for Every Level

Etactics

NOVEMBER 1, 2022

Scoping is often overlooked when preparing for a cybersecurity maturity model certification (CMMC). The purpose of this blog is to provide a resource that documents how to tailor the 320 objectives within NIST SP 800-171A to the CMMC scope. Image Source: CMMC Self-Assessment Scope Level 2. Table of Contents.

Regulations

CMMC-AB May Town Hall: Key Takeaways

Etactics

JUNE 28, 2022

May’s CMMC-AB Town Hall marked the end of an era. There will be no more CMMC-AB Town Halls discussing what the accreditation body is doing to prepare the ecosystem of consultants, educators and assessors for the upcoming final CMMC rule. That’s because, in May’s Town Hall, the CMMC-AB announced their rebranding to The Cyber AB.

Integration

An In-Depth Look Into CMMC Level 3 Requirements

Etactics

AUGUST 10, 2021

Of course, what I’m referring to is the upcoming enforcement of the Cybersecurity Maturity Model Certification (CMMC). If you have any existing contracts with the DoD, you’ve probably heard the acronym “CMMC” whispered throughout your office, fueled by a general sense of fear. Maybe that’s what ultimately led you to this blog post.

Regulations

An Explanation of All 17 Required CMMC Level 1 Controls

Etactics

JULY 27, 2021

Enter CMMC, stage left. The Cybersecurity Maturity Model Certification (CMMC) is the result of a push by the Department of Defense (DoD) to protect the confidential information that its contractors deal with daily. The first version of CMMC came out in January 2020 and it affects all DoD contractors and their entire supply chain.

Integration

Integration Regulations Accountability

What CMMC Stands For and Why You Need Know It

Etactics

OCTOBER 5, 2021

CMMC stands for the Cybersecurity Maturity Model Certification. The first, and most important, absolute is that the Department of Defense is the governing body that’s mandating CMMC. The DoD plans on enforcing it from now until 2025, steadily increasing the number of contracts that contain CMMC as a requirement.

Regulations

Regulations Process improvement

CMMC Training: Everything You Need to Know

Etactics

AUGUST 31, 2021

Table of Contents Individuals Performing Services (IPS) Training Registered Practitioner (RP) Training Registered Provider Organization (RPO) Training Certified Third-Party Assessor Organization (C3PAO) Training CMMC Professionals (CCPs) and CMMC Assessors (CCAs) CMMC Provisional Assessor Training Conclusion.

CMMC Level 1 Compliant Awareness Training: AC, MP, PE

Etactics

JULY 12, 2022

The Cybersecurity Maturity Model Certification (CMMC) requirement for organizations working in the defense industrial base (DIB) is no different. There will be a third level for integrators and organizations dealing with what DoD has deemed to be the most critical CUI but they have not published the requirements for this level yet.

Accountability

Accountability Integration

CMMC-AB December Town Hall: Key Takeaways

Etactics

JANUARY 18, 2022

Changing of The Guard December’s CMMC-AB Town Hall event ushered in a changing of the guard within the accreditation body's board of directors. Mr. Johnson was the first Chairman elected at the CMMC-AB in January 2021. Scoping Guide Matthew Travis briefly walked through the Level 2 Scoping Guidance document. via CMMC-AB.

Regulations

Regulations Prevention

CMMC-AB November 30 Town Hall: Key Takeaways and Unanswered Questions

Etactics

DECEMBER 9, 2021

Table of Contents Town Hall Overview Credits for Exam Vouchers C3PAO Assessment Vouchers Renewals On Proposed Changes in CMMC 2.0 Concerns of CMMC 2.0 Benefits of CMMC 2.0 Town Hall Overview On November 30, 2021, the CMMC-AB held a scheduled Town Hall meeting to update the CMMC Ecosystem and defense industrial base (DIB).

Accountability

Accountability Integration

The Go-To CMMC Policy Templates According to NIST

Etactics

MARCH 25, 2022

Written policies document nearly one-third of the 320 assessment objectives within CMMC. In fact, there are 281 results if you search for “policy” or “policies” in the CMMC Assessment Guide - Level 2. Policy frameworks start with high-level, organizational policies overseeing issue-specific and system-specific policies.

Regulations

Regulations Integration

CMMC Certification Cost: An Accurate Assessment

Etactics

AUGUST 3, 2021

Of course, what I’m referring to is the Cybersecurity Maturity Model Certification (CMMC). CMMC shook the ground for DoD contractors. It requires that all 300,000 of them instill different cybersecurity safeguards based on where they land within the supply chain. via National Defense Magazine.

Regulations

What is CMMC Compliance: An Authorized C3PAO Perspective

Etactics

NOVEMBER 22, 2022

At the time of writing this blog, there are currently 29 CMMC 3rd Party Assessor Organizations (C3PAOs) listed in The Cyber AB Marketplace. They started by providing SOC 2 services as a Certified Public Accounting firm. The CMMC Compliance Journey. Kompleye’s decision to pursue CMMC accreditation had two driving factors.

Accountability

CMMC-AB September Town Hall: 12 Unanswered Questions and Key Takeaways

Etactics

OCTOBER 14, 2021

There were a lot of unanswered questions during the September 2021 CMMC Accreditation Board (CMMC-AB) Town Hall. The topics discussed added to the number of questions that the ecosystem had for the CMMC-AB this meeting. But the CMMC-AB only answered one of the questions that we planned on covering during the Q&A Town Hall.

Prevention

Prevention Accountability

20 CMMC Updates From The CMMC-AB's CEO, Matthew Travis

Etactics

OCTOBER 12, 2021

It’s been over a year since the initial announcement of the upcoming Cybersecurity Maturity Model Certification (CMMC) implementation plan. Since then, thousands of blog posts and videos on the topic now exist (some of which came from us). He was on campus as the keynote speaker for the 2021 CMMC Summit, hosted by Rea & Associates.

Regulations

NIST SP 800-171 vs 800-53: Everything You Need to Know

Etactics

AUGUST 22, 2023

In this blog, we look at two of their well known special publications (SP) and discuss: How to derive CMMC Strategies from the RMF NIST SP 800-53 Explained NIST SP 800-171 Explained Conclusion How to derive CMMC Strategies from the RMF This blog will explain the role SP 800-53 plays within the Risk Management Framework (RMF).

Integration

Integration Accountability

CMMC SSP: What It Is and Why You Need One

Etactics

MAY 12, 2022

A System Security Plan (SSP) defines the boundary of connected components that make up an information system and outlines how you implement security requirements. of NIST SP 800-171 requires non-federal organizations to develop, document and periodically update an SSP. The requirement for an SSP first appeared in June 2015.

Health Care Quality Digest

CMMC Data Flow Diagrams: An Ultimate Guide

Implementing 3.1.1 from NIST SP 800-171 Rev 2: Everything You Need to Know

Trending Sources

CMMC Level 1 Continuous Monitoring: Everything You Need to Know

[ANSWERED] What is CMMC 2.0?

CMMC GRC Toolset Essentials: A Closer Look

The Ultimate Guide to CMMC Level 2 Requirements

All CMMC Version 2.0 Changes and Their Impact

The Ultimate CMMC Scoping Guide: A Matrix for Every Level

CMMC-AB May Town Hall: Key Takeaways

An In-Depth Look Into CMMC Level 3 Requirements

An Explanation of All 17 Required CMMC Level 1 Controls

What CMMC Stands For and Why You Need Know It

CMMC Training: Everything You Need to Know

CMMC Level 1 Compliant Awareness Training: AC, MP, PE

CMMC-AB December Town Hall: Key Takeaways

CMMC-AB November 30 Town Hall: Key Takeaways and Unanswered Questions

The Go-To CMMC Policy Templates According to NIST

CMMC Certification Cost: An Accurate Assessment

What is CMMC Compliance: An Authorized C3PAO Perspective

CMMC-AB September Town Hall: 12 Unanswered Questions and Key Takeaways

20 CMMC Updates From The CMMC-AB's CEO, Matthew Travis

NIST SP 800-171 vs 800-53: Everything You Need to Know

CMMC SSP: What It Is and Why You Need One

Stay Connected