CMMC Update by Glenda R. Snodgrass for The Net Effect

April 8, 2024

Everybody has to do L1 -- and it's harder than you think!

One of the interesting things about the new version of CMMC 2.0, as outlined in the proposed rule, is that it decouples Level One (L1) from NIST 800-171, instead aligning it with the FAR 52.204-21 "Basic Safeguarding Rule" (which actually applies to all federal government contractors, for all agencies and departments, not just DoD).

All DoD contractors -- even those who will need L2 also -- will have to self-assess and affirm in SPRS that their FCI environment is fully compliant with these requirements (no POAMs allowed at L1).

Why am I making a big deal about this? Because it's a lot harder than you think! We've recently been working with a mid-size client (~400 employees) with 12 IT people and a fairly robust security program, yet when we did their L1 assessment down to the level of reviewing all the Assessment Objectives (AOs), they had only fully met 3 of the 15 controls!

Learning to read and understand the AOs, and knowing how to "speak NIST," is absolutely critical to your compliance program, and yet we find that many of our clients, even those with in-house IT staff, struggle to align industry-standard security practices with NIST SP 800-171 requirements.

That's why I developed my upcoming workshop CMMC 102: Understanding the Requirements of L1. In this two-hour workshop on April 17, I dig into the AOs of every L1 practice and explain what it actually means, and what CMMC Assessors will be looking for. This deep understanding of the AOs of L1 practices (and "NIST speak") will greatly improve your L2 preparation. (Hint: If you are new to CMMC, I highly recommend also doing the CMMC 101 workshop, where I dive into vocabulary, data types, security standards, and the CMMC ecosystem.)

Hope to see you there!

Upcoming Virtual Workshops

CMMC 101: Getting Started with CMMC (April 10)

CMMC 102: Understanding the Requirements of Level One (April 17)

How old is your SPRS self-assessment score? Might want to review this.



Sincerely,

Glenda R. Snodgrass, CCP/CCA
grs@theneteffect.com
The Net Effect, LLC
www.theneteffect.com
251-433-0196 x107

If you enjoy these updates, you might also enjoy my weekly newsletter "Cyber Security News & Tips" -- sign up now!

TNE. Cybersecurity. Possible.

Copyright 1996-2024 The Net Effect, L.L.C. All rights reserved.