Has your business made the implementation of NIST SP 800-171 harder than it needs to be?
Are your employees using one device for CUI work and another for normal work?
If so, there is a good chance you have overengineered your environment to get ready for CMMC. In this case, your business may have provided “a solution to a problem in an elaborate or complicated manner, where a simpler solution can be demonstrated to exist with the same efficiency and effectiveness as that of the original design.”
We run into overengineering all the time. Many try to treat CUI as SECRET and overprotect it while many simply don’t understand how to use NIST SP 800-171 to avoid overengineering.
This “As the CMMC Churns” looks at “Overenginnering for CMMC” and we even channel a little Jeff Foxworthy plus Dungeons & Dragons along the way.
Upcoming “As the CMMC Churns” Episodes:
– 27 April: Controlling the Conversation with your Assessor
– 4 May: Your SSP & SPRS
– 11 May: Split-Tunneling
Peak InfoSec Homepage: https://peakinfosec.com
As the CMMC Churns Episodes: https://peakinfosec.com/as-the-cmmc-churns/
Contact Peak InfoSec for Support: https://peakinfosec.com/contact/