Yes, you too can implement NIST SP 800-171 in preparation for CMMC in just three “Easy” Steps.
Yeah, there is a LOT of sarcasm in the “Easy.” However, many people and organizations are losing sight of the macro-level process.
This infographic brings us back to the macro-level process all Organizations Seeking Certification need to follow. As the infographic warns, do not do this backward. Bad things happen that way.
The “As The CMMC Churns” episode on “Implementing CMMC Myth Busted” explains this in more detail and the consequences for organizations doing this backward.
Original Linkedin Post: https://www.linkedin.com/posts/matthewtitcombe_cmmc-cmmc-infosec-activity-7006959510183419904
The Author, Matthew Titcombe is the CEO of Peak InfoSec, an Authorized CMMC 3rd Party Assessor Organization (C3PAO). His support to the Defense Industrial Base began back in 2016 when he was supporting United Launch Alliance’s implementation of NIST SP 800-53 and subsequently NIST SP 800-171 when DFARS Clause 252.204-7012 came into being in 2017.
He has been involved in the CMMC ecosystem since its earliest versions and participated in the Cyber-AB’s working groups. Specifically, Mr. Titcombe worked on the Initial draft of the CMMC Assessment Guides. He was also in the first cohort of Provisional Assessors and was certified as Provisional Assessor #17. He was recently certified as a CMMC Certified Professional (CCP).
After being certified as a Professional Assessor, Mr. Titcombe worked with Local Operations, a CMMC Licensed Partner Publisher to develop the CCP curriculum, He also worked on the CMMC Certified Assessor’s (CCA) curriculum and wrote the lesson on CMMC Scoping.