On NIST SP 800-171, NFO Controls and Polices, Procedures, and Plans

With CMMC 2.0, DoD removed process maturity as an assessed requirement. Some commentators are suggesting that NIST 800-171’s “NFO” controls inherently require policies. We explore the requirement in this article.

Analysis of CMMC 2.0

Former CMMC-AB board of directors James Goepel, Mark Berman, and Ben Tchoubineh authored a letter to the President which analyzes why CMMC 2.0 is inconsistent with the President’s recent Executive Order and is harmful to our national security.

Coming in September: Final CMMC DFARS Rule and More

Changes to the FAR/DFARS imposed by the recent Executive Order on Increasing our Nation’s Cybersecurity and the expected publication of the Final Rule for CMMC are now both expected in September, although the exact dates are still unknown. With all the expected changes, October promises to be a very busy time for defense contractors!

CMMC and the Cybersecurity Executive Order

The Executive Order issued May 12, 2021 on Improving the Nation’s Cybersecurity casts some clouds over the CMMC program. This article provides short-term guidance for defense contractors.