This is an archived page with information out of date. I was really playing with CSS Grid

Introduction to CMMC

Overview of CMMC 2.0

An overview of how we return (well we never left) to the baseline requirements of NIST-SP-800-171

What is CMMC?

An Introduction to the CMMC 1.0 model (defunct)

21 Questions to Guage CMMC Readiness

Make sure you have some basics in place before paying for any CMMC assessments. Use this list of questions to guide your journey.

Suggested Reading List

CMMC takes reading. Compliance takes reading. Learning takes reading. My list of the top must reads from NIST.

Three Goals of Cybersecurity

Salazar’s Testimony to Congreess

Start Worrying About Assessment Objectives

CMMC by the numbers. Forget 110, Delta 20, ofr even the 320 assessment obectives of 171a. Start thinking CMMC by the numbers (defunct…back to 171 and 320 objectives from 171a).

How to Get Started on a CMMC Journey

A starting place for companies who may not have much of a hygeine program in place.

Does CMMC impact my Company?

Do you even know if your company will need to comply with the Cybersecurity Maturity Model Certification Program?

Universities and CMMC

Universities need to deal with 171 on multiple fronts. Policy, open government laws, and shared governance may all combine to make change hard.

Learn the basics of the CMMC program and the NIST-SP-800-171 standard

CMMC History

History of CMMC

A brief timeline of events that brought us back to 2017.

CMMC People and Players

Authorities, Organizations, and People in the CMMC ecosystem.

A History of CMMC from FISMA until Today

Protecting Sensitive Data

Basics of CUI

An overview of Controlled Unclassified Information utlizing ISOO training videos.

Controlled Unclassified Information Gloassary

A quick reference defining all things CUI.

CUI Practices and Processes

A quick reference to all practices and processes that explictly mention CUI.

An overview of Federal Contract Information and Controlled Unclassified Information

Scoping


Is my IT Provider In Scope?

An early discussion of IT providers. New scoping Guidance is out.


CUI and Data Ownership

Taking an inventory of who’s in charge.


Ethics

CMMC and Ethics

The systems and rules set up to ensure a trustworthy ecosystem.

Principles of Ethics in Cybersecurity

A Guide to Scoping and CMMC

CMMC Methodology

DEFUNCT: CMMC Process Assessment

How to Use Discussion Section of Assessment Guide

The Assessment Guide provides a discussion section. Learn the role and how to use it.

Prerequisites for DIBCAC CMMC Assessment

The plan DIBCAC laid out to assess C3PAOs under CMMC 1.0

Prerequisites for DIBCAC CMMC Assessment

The plan DIBCAC laid out to assess C3PAOs under CMMC 1.0

How long does a CMMC Assessment Take?

A guesstimation of a CMMC assessment timeframe using DIBCAC’s C3PAO assessments as a guide.

Shared Responsibility Matrix

An early discussion on the shared responsibility matrix. Importance has grown with new scoping guidance.

Six ways a CCP Can Help During a CMMC Assessment

How a Certified CMMC Professional will work with organizations seeking certification.

A how-to guide for CMMC methodology

Identity and Access Management

Asset Categorization and CMMC

People and Processes

Asset Categorization and CMMC

Did Cybersecurity Boot Camps Break Us?

Cybersecurity Begins with Awareness and Training

Inventory Matters

Technical Systems

Governance