DO NOT watch this if you are a Defense Industrial Base (DIB) Contractor. You have real work to do by implementing NIST SP 800-171 Revision 2 versus finding out about the NIST SP 800-171 Rev 3 Draft.  Here is what you need to do:

1. Ignore all of the CMMC Ecosystem Drama around the NIST SP 800-171 Rev 3 Draft for the next two years
2. Add a Risk Registry to “Monitor” NIST SP 800-171 Rev 3 Draft and when published for impacts to your system compliance requirements
3. FOCUS on getting NIST SP 800-171 Revision 2 implemented, including the Non-Federal Organization controls

Okay, for everyone else, this “As the CMMC Churns” looks at NIST SP 800-171 Rev 3 Initial Public Draft. In our review, we concluded that Ron Ross & Victoria Pilliteri are brilliant at how they drafted revision 3 and their public math skills (a.k.a., Federal Math) were ‘challenging.’

The bottom line is there are more Information Security requirements under the new NIST SP 800-171 Rev 3. However, if I go by the strict count of requirements, I won the bet with Fernanda Machado of Cybersec Investments.