NIST SP 800-171/CMMC 2.0 Self-Assessment Tool Updated to Include Automated FAR and Above and SPRS Scoring, and More

We are excited to announce the release of the new version of our CMMC 2.0/NIST SP 800-171 Self-Assessment Tool. This version includes automated FAR and Above and SPRS scoring and much more!

The $0 CMMC Level 2 Compliance Fallacy

Government representatives have stated that complying with CMMC 2.0 Level 2 shouldn’t cost contractors or the government anything, because contractors have been attesting to the government that they are doing these things for years. This article explores why this is correct only for a small minority (17 out of 110) of the controls in CMMC 2.0 Level 2.

On NIST SP 800-171, NFO Controls and Polices, Procedures, and Plans

With CMMC 2.0, DoD removed process maturity as an assessed requirement. Some commentators are suggesting that NIST 800-171’s “NFO” controls inherently require policies. We explore the requirement in this article.

Can DCMA’s DIBCAC Teams Handle the CMMC C3PAO Authorization Workload?

CMMC depends upon Authorized C3PAOs. DCMA’s DIBCAC team plays a crucial role in the C3PAO authorization process. However, the DIBCAC teams’ calendars were already full prior to CMMC. In this article, co-authored with Kyle Lai, Carter Schoenberg, Tony Buenger, and Derek White, we discuss whether the current system is likely to clear the CMMC C3PAO backlog in a timely manner and explore a few alternatives.