Did you know your need a CRM for your CMMC Conformity Assessment? No, not a Customer Responsibility Management application–you need a Customer Responsibility Matrix (CRM). With it, now the Finger Pointing and the CRM will ensue as you try and figure out who is responsible for what.

If you don’t know:

  • What a CRM is?
  • Why it is needed?
  • Which of your External Service Provider’s it applies to?
  • How to fill it out?
  • And, how it plays into your Conformity Assessment?

Well then, this As the CMMC Churns is for you.  In this episode of As the CMMC Churns, we will answer all of your questions.  Our answers actually come from multiple engagements with the Defense Industrial Base Cybersecurity Assurance Center (DIBCAC), including our CMMC certification by them.

We also reference the Peak InfoSec Customer Responsibility Matrix (CRM) Template.  It can be downloaded here.  It should help to reduce Finger Pointing and the CRM.

Key CMMC Sites

Key References

Key Acquisition References

Other Key Sites