CMMC and NIST SP 800-171 Update for May 2024
There is news this month on both fronts – there is progress being made in the CMMC arena and NIST has released 800-171 Rev 3. What do these mean for you? Listen here.
We knew that DoD had to resolve the conflict between the current 7012 DFARS and the CMMC Part 32 rule that was released in December, but we did not know HOW they were going to resolve it. For defense contractors who are wrestling with getting ready for CMMC, their temporary workaround is the best we…
This week’s news update includes:
The executive branch has released another pillar in its cybersecurity strategy. This administration has done more than past administrations on cybersecurity, including the National Defense Strategy, the National Cybersecurity Strategy, the DoD Cyber Strategy and the National Defense Industrial Strategy. The newest piece of this is the Defense Industrial Base Cybersecurity Strategy 2024. This is…
I recently provided a CMMC update to the Denver chapter of NCMS. That presentation was live and in person and generated a lot of questions and comments. I recreated that presentation here. If you have questions, please contact us.
Lots of news this month. In case you thought the DoD was just kidding, this month’s news should disabuse you of that idea. If you have questions/need help, please contact us.
NIST has released a draft version of the next update to the core standard behind CMMC. If you do work for the US, Canadian or Australian defense departments or are a vendor to one of these organizations or if you are a vendor to a large US corporation, this standard and these changes are important…
CMMC, or the Cybersecurity Maturity Model Certification, passed a huge milestone this week when the Pentagon handed off the proposed rule to the Office of Management and Budget. After they approve the package, it gets published in the Federal Register for comment and implementation. Learn more about the remaining steps below.
800-171 is the government’s chosen cybersecurity standard for protecting controlled unclassified information (CUI) and is required by a number of government departments and by private industry as a matter of contract for protecting sensitive unclassified information. Learn more about this new version of the standard here.
Okay, that is a bit of alphabet soup. CUI stands for Controlled Unclassified Information. While technically, it only refers to government agencies and government contractors, think of it as information you might prefer that the Russians, Chinese and your competitors don’t have. GPT stands for generative pretrained transformers like ChatGPT, Bard and many others. It…