Types of Information
Learn about the types of information that are pertinent to NIST 800-171 and CMMC.
NIST 800-171 Overview
Learn about NIST 800-171, NFO controls, assessment procedures, and the SSP and POA&M.
NIST 800-171 DFARS Clauses
Learn what the purpose of the FAR and DFARS is and what is contained within the DFARS clauses which pertain to cybersecurity requirements for protecting CUI on nonfederal systems.
NIST 800-171 DoD Assessment Methodology
Learn how to calculate NIST 800-171 SPRS scores in accordance with the DoD Assessment Methodology.
Learn about FedRAMP, how it relates to DFARS 252.204-7012, and how to use the FedRAMP Marketplace.
Learn about CMMC, when it will be required, what is contained in DFARS 252.204-7021, and its 3 levels.
CMMC Scoping Guides
Learn how to scope assets in your organization by understanding the CMMC asset types and the requirements for each.
CMMC Assessment Guides
Learn about the DoD's assessment guidance and who is responsible for conducting assessments for CMMC levels 1 - 3.
CMMC Ecosystem Roles
Learn about the roles in the CMMC ecosystem.
Actionable steps to achieve CMMC compliance or certification.
Learn about CMMC scoping, what is in scope for each asset type (CUI assets, security protection assets, contractor risk managed assets, specialized assets, and out of scope assets), and the significance of external service providers.
- 7 Steps to CMMC – Step 2: Identify Assets for CMMC (Scoping) (summit7.us)
- CMMC Scope – are you ready for an assessment? (cmmcaudit.org)
- CMMC 2.0 Scoping Scenarios Analysis (cmmcaudit.org)
Discuss this lecture at community.grcacademy.io.