Finger Pointing and the CRM

Did you know your need a CRM for your CMMC Conformity Assessment? No, not a Customer Responsibility Management application–you need a Customer Responsibility Matrix (CRM). With it, now the Finger Pointing and the CRM will ensue as you try and figure out who is responsible for what.

If you don’t know:

What a CRM is?
Why it is needed?
Which of your External Service Provider’s it applies to?
How to fill it out?
And, how it plays into your Conformity Assessment?

Well then, this As the CMMC Churns is for you. In this episode of As the CMMC Churns, we will answer all of your questions. Our answers actually come from multiple engagements with the Defense Industrial Base Cybersecurity Assurance Center (DIBCAC), including our CMMC certification by them.

We also reference the Peak InfoSec Customer Responsibility Matrix (CRM) Template. It can be downloaded here. It should help to reduce Finger Pointing and the CRM.

As the CMMC Churns

We share our knowledge and experiences as a CMMC 3rd Party Assessment Organization (C3PAO) via the "As the CMMC Churns" episode so everyone can benefit.

Finger Pointing and the CRM

Key CMMC Sites

Key References

Key Acquisition References

Other Key Sites

Recent Posts

Social Contact

As the CMMC Churns

We share our knowledge and experiences as a CMMC 3rd Party Assessment Organization (C3PAO) via the "As the CMMC Churns" episode so everyone can benefit.

Finger Pointing and the CRM

Key CMMC Sites

Key References

Key Acquisition References

Other Key Sites

Share This Content!

Related Posts

3.3.3, Review and update logged events

3.3.1, System Auditing

3.1.22, Publicly Accessible Content

3.10.6 Alternate Work Sites

The Three Types of Evidentiary Objects

Recent Posts

Social Contact