DO NOT watch this if you are a Defense Industrial Base (DIB) Contractor. You have real work to do by implementing NIST SP 800-171 Revision 2. Here is what you need to do:

  1. Ignore all of the CMMC Ecosystem Drama around the NIST SP 800-171 R3 Draft for the next two years
  2. Add a Risk Registry to “Monitor” NIST SP 800-171 R3 for impacts to your system compliance requirements
  3. FOCUS on getting NIST SP 800-171 Revision 2 implemented, including the Non-Federal Organization controls

Okay, for everyone else, this “As the CMMC Churns” episode looks at the NIST SP 800-171 Revision 3 Initial Public Draft. In our review, we concluded that Ron Ross & Victoria Pillitteri are brilliant at how they drafted revision 3 and their public math skills (a.k.a., Federal Math) were ‘challenging.’

The bottom line is there are more Information Security requirements under NIST SP 800-171. However, if I go by the strict count of requirements, I won the bet with Fernanda Machado of Cybersec Investments.

============================================================
Peak InfoSec Homepage: https://peakinfosec.com
As the CMMC Churns Episodes: https://peakinfosec.com/as-the-cmmc-churns/
Contact Peak InfoSec for Support: https://peakinfosec.com/contact/
Email: cmmc.services@peakinfosec.us
============================================================