Health Care Quality Digest

How to Identify Authorized Recipients of Controlled Unclassified Information

Etactics

NOVEMBER 23, 2021

In the defense industrial base, Controlled Unclassified Information (CUI) flows up and down the supply chain. But who should or shouldn’t have access to CUI? To answer this, we must look at the laws and regulations that govern access to CUI. Now that this is a little easier to understand, what does it mean for sharing CUI?

Regulations

Everything You Need to Know About CUI Designations

Etactics

OCTOBER 28, 2021

As organizations prepare for CMMC, the first question they need to answer is what controlled unclassified information (CUI) they have. This will determine the scope of information systems that process, store, or transmit CUI. In an ideal world, the government marks all CUI when it flows to contractors. What isn’t CUI?

Regulations

Regulations Prevention

The Ultimate CMMC Scoping Guide: A Matrix for Every Level

Etactics

NOVEMBER 1, 2022

The purpose of this blog is to provide a resource that documents how to tailor the 320 objectives within NIST SP 800-171A to the CMMC scope. The Level 2 Scoping Guide applies to organizations handling controlled unclassified information (CUI). Definition of Controlled Unclassified Information (CUI). CUI is a subset of FCI.

Regulations

NIST SP 800-171 vs 800-53: Everything You Need to Know

Etactics

AUGUST 22, 2023

In this blog, we look at two of their well known special publications (SP) and discuss: How to derive CMMC Strategies from the RMF NIST SP 800-53 Explained NIST SP 800-171 Explained Conclusion How to derive CMMC Strategies from the RMF This blog will explain the role SP 800-53 plays within the Risk Management Framework (RMF).

Integration

Integration Accountability

What CMMC Stands For and Why You Need Know It

Etactics

OCTOBER 5, 2021

Luckily for you, the rest of this blog post explains what CMMC is and why you need to know it. To put it simply, COTS contractors don’t need to adhere to CMMC because they don’t deal with or modify their products to handle controlled unclassified information (CUI). In the past, the guidance on CUI was more or less based on good faith.

Regulations

Regulations Process improvement

[ANSWERED] What is CMMC 2.0?

Etactics

JUNE 27, 2023

CMMC is an assessment standard designed to ensure that defense contractors comply with current cybersecurity requirements. It doesn't matter if organizations handle Controlled Unclassified Information (CUI) or Federal Contract Information (FCI). Level 2 (Advanced) Companies should be compliant with CMMC’s level 2 if they deal with CUI.

Accountability

Accountability Integration

An In-Depth Look Into CMMC Level 3 Requirements

Etactics

AUGUST 10, 2021

Maybe that’s what ultimately led you to this blog post. However, Level 2 is more of a temporary designation given to organizations that are in pursuit of Level 3. Luckily, the CMMC-AB designed the pyramid above to help illustrate how the Levels within the model work. The fear throughout your office is justifiable. via CMMC-AB.

Regulations

CMMC-AB May Town Hall: Key Takeaways

Etactics

JUNE 28, 2022

There is a new advanced Registered Practitioner designation coming in July A few weeks after The Cyber AB Town Hall, PreVeil hosted Countdown to Compliance: Expect CMMC by May 2023 with special guests DoD Deputy CIO David McKeown and Director of CMMC Stacy Bostjanick. They updated their website and marketplace. Source: The Cyber AB.

Integration

CMMC Training: Everything You Need to Know

Etactics

AUGUST 31, 2021

This blog post will identify the differences between these individuals and organizations. The biggest difference between certified and registered designation is the training and accreditation involved. Completion of the Department of Defense (DoD) Controlled Unclassified Information (CUI) training. It will contain the following.

CMMC Level 1 Continuous Monitoring: Everything You Need to Know

Etactics

APRIL 11, 2024

This blog discusses strategies for monitoring the effectiveness of security requirements. Control assessments are infrequent, often occurring only once per year. Continuous monitoring activities can provide better awareness of threats, vulnerabilities, and control effectiveness. iii (a) identify connections to external systems AC.L1-b.1.iii

Accountability

CMMC SSP: What It Is and Why You Need One

Etactics

MAY 12, 2022

DoD, GSA, and NASA require all contractors and supply chain partners that handle controlled unclassified information (CUI) to implement the security safeguards defined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. It demonstrates compliance with the CUI safeguarding requirements.

Controlled Unclassified Information Markings: What They Mean and Why They're Important

Etactics

NOVEMBER 4, 2021

In our last blog post, I covered what CUI is. For this one, I’ll cover the traditional and non-traditional ways of marking CUI The marking process is what alerts holders to the information that needs protection. The CUI Registry establishes this marking process. Section 2002.4 of Title 32 CFR defines three control levels.

Regulations

The Ultimate Guide to CMMC Level 2 Requirements

Etactics

JANUARY 4, 2022

Level 2 requirements are for any contractor or supplier who receives or generates Controlled Unclassified Information (CUI). But, it will only be for large integrators who receive or generate CUI deemed most critical to national security. This only happens based on how the DoD considers the nature of the CUI involved in a contract.

Integration

Integration Regulations Accountability

NIST SP 800-171 Rev 3 Crosswalk of Assessment Objectives (XLSX Included)

Etactics

JUNE 7, 2023

This blog will focus on the following: Creating assessment objectives from the initial public draft of Revision 3 Mapping Revision 3 to Revision 2 assessment objectives Commentary on the NIST provided summary of significant changes Creating Assessment Objectives from Rev 3 NIST SP 800-171A is the assessment guide to SP 800-171 security requirements.

20 CMMC Updates From The CMMC-AB's CEO, Matthew Travis

Etactics

OCTOBER 12, 2021

Since then, thousands of blog posts and videos on the topic now exist (some of which came from us). As currently designed, prime and subcontractors will need a CMMC certification. Although that’s arguably a side-effect, the regulation’s main purpose is to place protections on Controlled Unclassified Information (CUI).

Regulations

Health Care Quality Digest

How to Identify Authorized Recipients of Controlled Unclassified Information

Everything You Need to Know About CUI Designations

Trending Sources

The Ultimate CMMC Scoping Guide: A Matrix for Every Level

NIST SP 800-171 vs 800-53: Everything You Need to Know

What CMMC Stands For and Why You Need Know It

[ANSWERED] What is CMMC 2.0?

An In-Depth Look Into CMMC Level 3 Requirements

CMMC-AB May Town Hall: Key Takeaways

CMMC Training: Everything You Need to Know

CMMC Level 1 Continuous Monitoring: Everything You Need to Know

CMMC SSP: What It Is and Why You Need One

Controlled Unclassified Information Markings: What They Mean and Why They're Important

The Ultimate Guide to CMMC Level 2 Requirements

NIST SP 800-171 Rev 3 Crosswalk of Assessment Objectives (XLSX Included)

20 CMMC Updates From The CMMC-AB's CEO, Matthew Travis

Stay Connected