Government representatives have stated that complying with CMMC 2.0 Level 2 shouldn’t cost contractors or the government anything, because contractors have been attesting to the government that they are doing these things for years. This article explores why this is correct only for a small minority (17 out of 110) of the controls in CMMC 2.0 Level 2.
Don’t throw out your computer equipment or software just yet. A little diligence can save you time, effort, and expense while preparing for a CMMC assessment.
Employees are increasingly using smart devices, such as smart watches, to improve their productivity. But accessing CUI from those devices can create unintended issues. This article discusses how smart devices can impact your obligations under CMMC and other government contracting requirements.
Are you looking for a straightforward way to understand what is/isn’t likely to be Controlled Unclassified Information (“CUI”)? Is your prime/mid-tier contractor asking you for copies of your System Security Plan (“SSP”), Plan of Action and Milestones (“POA&M”), 800-171 assessment results, or other information when you didn’t even realize you needed them? We have added CUI and cybersecurity obligation decision trees to the CMMC Information Institute’s collection of free tools. We are also hosting an event on May 7, 2021, at 11:00 AM to discuss the decision trees and help take the mystery out of CUI.
The CMMC Information Institute recently hosted an event in which we were joined by Nicole Dean, CISO of Accenture Federal Services; David Kessler, Vice President and Associate General Counsel IT & Cybersecurity of BAE Systems; and Michael Connelly, Assistant Compliance and Supply Chain Risk Management Program Manager and Chief Strategist for Classified Policy and Programs for the Johns Hopkins University Applied Physics Laboratory. We discussed a range of topics including how their organizations are preparing for CMMC, how their roles as subcontractors shape the way they interact with their own subcontractors, and how organizations should approach dealing with DFARS 252.204-7019 and 252.204-7020 (the requirements that contractors handling CUI submit self-assessment scores to SPRS). A recording of the event is available for our Communities members via the link below.