Cybersecurity Maturity Model Certification (CMMC)
What is the difference between a conformity, gap, and mock assessment?
Keeping in mind the definition of an assessment from https://peakinfosec.com/faq-items/what-is-an-assessment/, [...]
What is an assessment?
Per NIST SP 800-171A, an assessment or "security control assessment" [...]
Is Peak InfoSec CMMC Certified?
Yes. Peak InfoSec is an authorized C3PAO. To be authorized, [...]
What CMMC Level Conformity Assessments is Peak InfoSec authorized to conduct?
As of right now, none. Peak InfoSec is an [...]
How up-to-date is Peak InfoSec regarding CMMC?
Our founder, Matt Titcombe, was a volunteer on the Cyber-AB [...]
We are DFARS & NIST SP 800-171 Compliant. Which level should we target?
We recommend clients target CMMC Level 2 because it encompasses [...]
What do we need to know in order to report an incident to DC3?
In our experience working through real world Incidents with DC3, [...]
Does an incident have to be confirmed before we report it?
No. The key word in the definition is "potential." We [...]
Does our organization handle Controlled Unclassified Information (CUI)? (Long Winded Answer)
This sure sounds like an easy question, and, given the [...]
Does our IT or Managed Service Provider (MSP) have to be compliant?
Yes. CMMC auditors will focus extra attention on your Supply [...]
Social Contact