Certified CMMC Assessor Program Update

2023 is shaping up to be a HUGE year for the CMMC program! DoD closed out 2023 by kicking off the “Joint Surveillance Program” (“JSP”) assessments of some DoD contractors, and many more are scheduled for 2023. If you aren’t familiar with the JSP assessments, they are voluntary assessments that are led by DoD’s DIBCAC (more…)

Pentagon’s Joint Surveillance Program in Full Swing

The United States Department of Defense (“DoD”) has begun its “Joint Surveillance Program” in conjunction with the CyberAB, the organization tasked with overseeing the CMMC ecosystem. Under the Joint Surveillance Program, members of DoD’s Defense Industrial Base Cybersecurity Assessment Center (“DIBCAC”) accompany and oversee representatives from CyberAB authorized Certified 3rd Party Assessment Organizations (“C3PAOs”) as (more…)

Rule Change is Imminent. Are You Ready?

The CMMC Implementation Conference is being held January 18-20 at the beautiful University of San Diego. Chock full of valuable tips and tools for business owners, service providers, and those charged with implementing the CMMC requirements, CIC2023 is NOT your ordinary CMMC conference. Learn how to Stop Talking. Start Doing. You can even take CCP or (the first ever) CCA training classes before the conference and reinforce your learning at the conference! Register today at https://CIC2023.org

Are Contractors Authorized to Mark Legacy Information or Unmarked Information as CUI?

There is a LOT of confusion in the contractor community over whether contractors have the authority to take it upon themselves to mark legacy information (e.g., FOUO, SBU, etc.) or unmarked information as CUI. In this article, we do a quick analysis based on the governing regulation and agency memorandum.

Overcoming a Shortcoming in the DoD Assessment Methodology

The DoD Assessment Methodology is a great attempt to create a standardized approach to evaluating contractor cybersecurity programs. However, it suffers from a fundamental flaw. That flaw is best illustrated through an example. Imagine that Mavis’ Machine Shop is a DoD contractor and only ever handles Federal Contact Information (“FCI”), never Controlled Unclassified Information (“CUI”). (more…)

2022 CMMC Community Contributor Award Winners

Announcing the 2022 CMMC Community Contributor Awardees! These individuals made exceptional contributions to the efforts to protect the US government’s supply chain, and the broader cybersecurity community. We appreciate their efforts and are pleased to recognize the positive contributions they have made!

NIST SP 800-171/CMMC 2.0 Self-Assessment Tool Updated to Include Automated FAR and Above and SPRS Scoring, and More

We are excited to announce the release of the new version of our CMMC 2.0/NIST SP 800-171 Self-Assessment Tool. This version includes automated FAR and Above and SPRS scoring and much more!