As the CMMC Churns: Procedure Myths Busted & Quarter Pounders???
Is your business struggling to implement procedures for Cybersecurity Maturity Model Certification (CMMC)? Is your business chasing procedures for everything because of perceived compliance requirements coming from CMMC, NIST SP 800-171, and NIST SP 800-171A? Well, this [...]
CUI-CON
Peak InfoSec is sponsoring CUI-CON. Key details: Dates: 23-24 February 2023 Location: Melbourne Beach, FL Website: https://cui-con.com
As the CMMC Churns: The Little CMMC Engine that Could
Are you struggling to get through Remediation Pass and over Conformity Hill? Well, today's story from As the CMMC Churns is all about "the Little CMMC Engine that Could." It is a classic story of the little [...]
As the CMMC Churns: Finger Pointing and the Customer Responsibility Matrix (CRM)
Did you know your need a CRM for your CMMC Conformity Assessment? No, not a Customer Responsibility Management application--you need a Customer Responsibility Matrix (CRM). If you don't know: What a CRM is? Why it is needed? [...]
As the CMMC Churns and the Quest for the Lost Families of NIST
Are you ready to go on a CMMC Quest? We will be looking for the lost Families of NIST. A whirlwind tour through NIST SP 800-171 Appendix E, Tailoring. While not as exciting as being thrown into [...]
As the CMMC Churns: Good, Fast, or Cheap. Pick one, Punk!
So many Defense Industry organizations are making critical and costly errors. Are you? They fail to recognize the fundamental acquisition relationship between Good, Fast, or Cheap when it comes to implementing NISR SP 800-171 requirements to satisfy [...]
As the CMMC Churns: Moving the Pentagon
Did you know you have enough leverage to move the Pentagon? Is your Program Office and Contracting Officer not providing your organization guidance on CUI? While you may not have enough leverage to move the whole Pentagon, [...]
As the CMMC Churns: Scope Confusion (Part 2)
Are you confused about the CMMC Assessment Scope and how to apply it to your business? Do you think you don’t have to apply NIST SP 800-171 requirements to Contractor Risk Managed or Specialized Assets? Well for [...]
As the CMMC Churns: Scope Confusion (Part 1)
Is your organization confused about where to apply NIST SP 800-171 requirements? How does the DoD's CMMC Assessment Guide in? This entry into As the CMMC Churns is the 1st part in a two-parter where we lay [...]
As the CMMC Churns: 800-171A Sentences
Is your organization struggling with applying NIST SP 800-171A Assessment Objectives? This vlog builds on our previous one on Assessment Objective verbs (highly recommend watching that one first). In this we look at the actual Assessment Objectives [...]
As the CMMC Churns: Verbs
Verbs???? Verbs are incredibly important to successfully pass a CMMC certification event. In this video, we break down verbs that affect how you shape your organization against those that you need to implement. Sadly, many organizations fail [...]
As the CMMC Churns: Understanding the CMMC Compliance Trap
Did you know when you submitted your SPRS score you may have tripped the CMMC compliance trap? The moment you signed up for a contract with the DFARS -7012 clause, you stepped into the trap. In this [...]
As the CMMC Churns: NIST SP 800-171 does NOT equal NIST SP 800-171A
In this episode of As the CMMC Churns, we take a look into how "any entity" is supposed to evaluate the implementation of NIST SP 800-171 using NIST SP 800-171A. This has big impacts as the evaluation [...]
As the CMMC Churns: Acquisition 101 and the CMMC Rule
Welcome to the inaugural entry of "As the CMMC Churns." In this episode, we will lay out when to expect CMMC Interim Rule requirements to show up in contracts...and it won't be in 2023. This video very [...]
1 June 2022 || Peak InfoSec is now an Authorized C3PAO Press Release
[PRESS RELEASE, 1 June 2022] Peak InfoSec is pleased to announce we are now an authorized Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessor Organization (C3PAO). Overseen by the Department of Defense (DoD) and the CMMC Accreditation Body (CMMC-AB), [...]
25 May 2022 || Peak InfoSec is now an Authorized C3PAO
Matthew Travis, the CEO of the CMMC Accreditation Body formally authorized Peak InfoSec as an Authorized Cybersecurity Maturity Model Certification (CMMC) 3rd Party Assessor Organization.
CMMC 2.0 — DoD’s Pincer Movement
By Matthew Titcombe, CISSP, CMMC Provisional Assessor Lvl 1-3, CISO, Gigit; CEO, Peak InfoSec Definition of pincer movement 1: a military attack by two coordinated forces that close in on an enemy position from different directions 2: a [...]
18 November 2021 || CMMC 2.0 – What changed and what is next?
CEO, Matthew Titcombe, was a panelist for "CMMC 2.0 - What changed and what is next?" https://www.youtube.com/watch?v=tTWM4Tkf63s
9 November 2021 || CMMC 2.0 Overview
Our CEO and CISO for GigIT shared recent changes to CMMC as DoD jumped to CMMC 2.0 https://www.youtube.com/watch?v=eGJ16bKcfdc
8-10 June 2021 || RMISC 2021: CMMC is coming…It’s not stopping with the DoD… Are you Ready?
Join our CEO as he presents for a 3rd time at the Rocky Mountain Information Security Conference (RMISC) on "CMMC is coming…It’s not stopping with the DoD… Are you Ready?" Register at https://www.rmisc.org/
Social Contact