Sign up to save your podcasts
Or
Share CMMC, NIST, CUI, & DFARS News and Analysis for October 2022
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
CMMC, NIST, CUI, & DFARS News and Analysis for October 2022
In this episode Jacob and Jason dive into the October 2022 Cyber AB Town Hall by exploring the questions (both answered and unanswered) submitted during the town hall Q&A segment. Jason provides his thoughts on the quality of the updated Registered Practitioner training. Time is spent on Rumor Control: Large prime contractors are seemingly requiring everyone to get #CMMC Level 2 certified and there's not much that #DoD can do to stop them. Jacob discusses the specter of #NIST SP #800-171 Appendix E and why they remain a thorn in everyone's sides. Other questions addressed: Are the rumors of Congressional funding for CMMC actually true? Is DoD actually bad at communicating? Why is it so hard to know how many requirements correspond to CMMC Level 1? The show wraps up with a brief discussion of NIST SP 800-172 and the newly released #CISA Cross-Sector Cybersecurity Performance Goals.
Episode Links:
Cyber AB Town Hall: https://cyberab.org/News-Events/Town-halls
CMMC Level 3 Likelihood: https://www.linkedin.com/posts/jacob-evan-horne_cmmc-cybersecurity-govcon-activity-6978019292143394816-0OGI?utm_source=share&utm_medium=member_desktop
NFO Controls in CMMC: https://www.youtube.com/watch?v=9UyyONyOjJg
NIST SP 800-171 Comment summary: https://csrc.nist.gov/publications/detail/sp/800-171/rev-3/draft
CMMC Delta 20 rationale: https://insights.sei.cmu.edu/blog/beyond-nist-sp-800-171-20-additional-practices-cmmc/
The SA-9 Control: https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=SA-9
CMMC Documentation: https://www.acq.osd.mil/cmmc/documentation.html
DFARS Rulemaking on funding (2016): https://www.federalregister.gov/d/2016-25315/p-139
DoD Testimony on Communication and Industry Engagement: https://www.armed-services.senate.gov/hearings/cybersecurity-of-the-defense-industrial-base
OMB Rules Under Review: https://www.reginfo.gov/public/jsp/EO/eoDashboard.myjsp
7 Steps to CMMC: https://www.summit7.us/7-steps-to-cmmc
FAR 52.204-21: https://www.acquisition.gov/far/52.204-21
NIST SP 800-172: https://csrc.nist.gov/publications/detail/sp/800-172/final
DoD hopes Primes Don't Require Level 2: https://www.linkedin.com/posts/jacob-evan-horne_cmmc-cybersecurity-govcon-activity-6973293313240047617-YCGe?utm_source=share&utm_medium=member_desktop
Public/Private Partnership Overview: https://www.chathamhouse.org/sites/default/files/publications/ia/INTA92_1_03_Carr.pdf
CISA Cross-Sector Cyber Performance Goals: https://www.cisa.gov/cpg James Dempsey on Measurable Standards: https://www.lawfareblog.com/cybersecurity-regulation-its-not-performance-based-if-outcomes-cant-be-measured
View all episodes
By Summit 7
5
1111 ratings
In this episode Jacob and Jason dive into the October 2022 Cyber AB Town Hall by exploring the questions (both answered and unanswered) submitted during the town hall Q&A segment. Jason provides his thoughts on the quality of the updated Registered Practitioner training. Time is spent on Rumor Control: Large prime contractors are seemingly requiring everyone to get #CMMC Level 2 certified and there's not much that #DoD can do to stop them. Jacob discusses the specter of #NIST SP #800-171 Appendix E and why they remain a thorn in everyone's sides. Other questions addressed: Are the rumors of Congressional funding for CMMC actually true? Is DoD actually bad at communicating? Why is it so hard to know how many requirements correspond to CMMC Level 1? The show wraps up with a brief discussion of NIST SP 800-172 and the newly released #CISA Cross-Sector Cybersecurity Performance Goals.
Episode Links:
Cyber AB Town Hall: https://cyberab.org/News-Events/Town-halls
CMMC Level 3 Likelihood: https://www.linkedin.com/posts/jacob-evan-horne_cmmc-cybersecurity-govcon-activity-6978019292143394816-0OGI?utm_source=share&utm_medium=member_desktop
NFO Controls in CMMC: https://www.youtube.com/watch?v=9UyyONyOjJg
NIST SP 800-171 Comment summary: https://csrc.nist.gov/publications/detail/sp/800-171/rev-3/draft
CMMC Delta 20 rationale: https://insights.sei.cmu.edu/blog/beyond-nist-sp-800-171-20-additional-practices-cmmc/
The SA-9 Control: https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=SA-9
CMMC Documentation: https://www.acq.osd.mil/cmmc/documentation.html
DFARS Rulemaking on funding (2016): https://www.federalregister.gov/d/2016-25315/p-139
DoD Testimony on Communication and Industry Engagement: https://www.armed-services.senate.gov/hearings/cybersecurity-of-the-defense-industrial-base
OMB Rules Under Review: https://www.reginfo.gov/public/jsp/EO/eoDashboard.myjsp
7 Steps to CMMC: https://www.summit7.us/7-steps-to-cmmc
FAR 52.204-21: https://www.acquisition.gov/far/52.204-21
NIST SP 800-172: https://csrc.nist.gov/publications/detail/sp/800-172/final
DoD hopes Primes Don't Require Level 2: https://www.linkedin.com/posts/jacob-evan-horne_cmmc-cybersecurity-govcon-activity-6973293313240047617-YCGe?utm_source=share&utm_medium=member_desktop
Public/Private Partnership Overview: https://www.chathamhouse.org/sites/default/files/publications/ia/INTA92_1_03_Carr.pdf
CISA Cross-Sector Cyber Performance Goals: https://www.cisa.gov/cpg James Dempsey on Measurable Standards: https://www.lawfareblog.com/cybersecurity-regulation-its-not-performance-based-if-outcomes-cant-be-measured
More shows like Sum IT Up: CMMC News Roundup
View all
Hands-On Tech (Audio)
1,961 Listeners
Security Now (Audio)
1,960 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
634 Listeners
CyberWire Daily
1,011 Listeners
Pivot
8,773 Listeners
Cybersecurity Today
142 Listeners
CISO Series Podcast
182 Listeners
Hacking Humans
308 Listeners
Defense in Depth
71 Listeners
The Prof G Pod with Scott Galloway
4,990 Listeners
Cyber Security Headlines
117 Listeners
GRC Academy
2 Listeners
Climbing Mount CMMC
0 Listeners
CMMC Proof
0 Listeners
Prof G Markets
797 Listeners