Under Phase 1, CMMC compliance has become a condition of contract award. DIB contractors are now seeing CMMC requirements appear in new solicitations. Success in CMMC 2.0 is about right sizing your environment during the discovery and scoping phases before an assessor ever sets eyes on your CMMC implementation. To define an accurate assessment boundary, you must first track the flow of Controlled Unclassified Information (CUI) through your organization. Starting with how you

Complying with CMMC requirements means strong documentation. Some companies choose to put all their documentation in a single System Security Plan (SSP) to reduce the number of controlled documents. However, we recommend a layered documentation approach to segment the security plan and to ensure the needed information gets to the right people. This documentation approach is built upon four layers: a high-level narrative of the security strategy, security policies, detailed co

The CMMC Northeast Summit, hosted at Rhode Island College’s Institute for Cybersecurity and Emerging Technologies with AXIOTROP, their partner sponsor. This event was specifically designed to support Organizations Seeking Assessment (OSAs) by bridging the gap between dense Department of War (DoW) policy and the boots-on-the-ground CMMC execution. Joe Devine, President of AXIOTROP, & Senator Jim Langevin, Former United States Representative, giving opening remarks. Photo by