Breaking it Down: Why CRMAs Must Implement NIST SP 800-171 Requirements

Clarifying CRMA Obligations and Assessment Expectations

This position article addresses common misunderstandings surrounding Contractor Risk Managed Assets (CRMAs). Effectively managing CRMAs is crucial for organizations striving to comply with NIST SP 800-171 Level 2 requirements under the Cybersecurity Maturity Model Certification (CMMC). While CRMAs are not intended to process, store, or transmit Controlled Unclassified Information…

DoD Adds Scrutiny to Contractor Cybersecurity Programs

Background

Over the past few years, the US federal government has been gradually trying to improve its cybersecurity program, and has been encouraging contractors to do the same. The US Department of Defense led the way in these efforts, including through a variety of initiatives like DFARS 252.204-7012 and the Cybersecurity Maturity Model Certification (“CMMC”) program. The CMMC program…

Contractors not as Suppliers – but as Leaders

I have to admit that I don’t always read things like the Executive Orders. As a regular citizen, I have always presumed they are filled with political platitudes rather than actionable direction. However, in discussing the Executive Order on Improving the Nation’s Cybersecurity with Jim Goepel, my colleague and founder of the CMMC Information Institute,…
