• 3.3.1 System Auditing

3.3.1, System Auditing

June 11th, 2024|0 Comments

Organizations struggle with documenting NIST SP 800-171's 3.3.1 System Auditing, especially when they are using Commercial Off the Shelf (COTS) software or cloud services. Like all of the other As the CMMC Churns [...]

  • Approve. It is the forgotten verb that applies throughout NIST SP 800-171. Draft policies and unapproved configuration settings don't count in a Conformity Assessment. Follow 3.4.3, approve policies, plan, procedures, and your security design documentation.

Approve, the Forgotten Verb

February 25th, 2024|0 Comments

Did you know one of the most prolific failures for an organization's self-assessments and those seeking certification during a conformity assessment under Cybersecurity is their documentation?  Approvals. For some crazy reason organizations think [...]

  • In this episode of As the CMMC Churns, we will look at the similarities between Assessors and Toddlers; why you can’t leave either unattended

Assessors and Toddlers

June 28th, 2023|0 Comments

Is your organization getting ready to undergo a formal Conformity Assessment for NIST SP 800-171?  If so, you need to watch this video!!! You need to understand the similarities between Assessors and Toddlers. With [...]

  • There is a lot of CMMC FUD being used to goad Defense Industrial Base (DIB) companies into implementing NIST SP 800-171 and getting ready for CMMC.

CMMC FUD

April 5th, 2023|0 Comments

There is a lot of CMMC-related Fear, Uncertainty, and Doubt (FUD) being used to goad Defense Industrial Base (DIB) companies into implementing NIST SP 800-171 and getting ready for CMMC. While we are [...]

  • Tips about FIPS Part 2 continues to address the most common DIBCAC NOT MET requirement for CMMC and NIST SP 800-171, 3.13.11.

Tips about FIPS Part 2

March 31st, 2023|0 Comments

Has 3.13.11, the use of FIPS-validated encryption, sent your organization through the Seven Stages of CMMC Grief? Does the use of FIPS-validated encryption have you befuddled? Tips about FIPS Part 2 continues to address [...]

  • DIBCAC Gaps covers the slides showing which NIST SP 800-171 requirements were "Other Than Satisfied" by DoD in their non-voluntary assessments.

DIBCAC Gaps

February 9th, 2023|0 Comments

Did you know the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) posted slides about what NIST SP 800-171 requirements were "Other Than Satisfied"? These are the DIBCAC Gaps. In [...]

An Authorized CMMC 3rd Party Assessment Organization (C3PAO)