Types of Information
Learn about the types of information that are pertinent to NIST 800-171 and CMMC.
NIST 800-171 Overview
Learn about NIST 800-171, NFO controls, assessment procedures, and the SSP and POA&M.
NIST 800-171 DFARS Clauses
Learn what the purpose of the FAR and DFARS is and what is contained within the DFARS clauses which pertain to cybersecurity requirements for protecting CUI on nonfederal systems.
NIST 800-171 DoD Assessment Methodology
Learn how to calculate NIST 800-171 SPRS scores in accordance with the DoD Assessment Methodology.
Learn about FedRAMP, how it relates to DFARS 252.204-7012, and how to use the FedRAMP Marketplace.
Learn about CMMC, when it will be required, what is contained in DFARS 252.204-7021, and its 3 levels.
CMMC Scoping Guides
Learn how to scope assets in your organization by understanding the CMMC asset types and the requirements for each.
CMMC Assessment Guides
Learn about the DoD's assessment guidance and who is responsible for conducting assessments for CMMC levels 1 - 3.
CMMC Ecosystem Roles
Learn about the roles in the CMMC ecosystem.
Actionable steps to achieve CMMC compliance or certification.
Learn about the FedRAMP program, its purpose, what agencies manage it, its four impact baselines (Low impact, LI-SaaS, Moderate, and High), and its relationship to DFARS 252.204-7012 and DISA’s Cloud Security Requirements Guide (SRG).
- Learn What FedRAMP is All About (fedramp.gov)
- Learn About FedRAMP with Training Resources (fedramp.gov)
- FedRAMP Announces the Passing of the FedRAMP Authorization Act! (fedramp.gov)
Discuss this lecture at community.grcacademy.io.