CMMC Solutions

Someone in Reddit was wondering about: Certifications and AT.L2-3.2.2 (role-based training) This was my response: I hate to say this... but most people do not interpret 3.2.2 properly. In NIST land, each framework has a specific overview. For 171/CMMC the overview is "Protect CUI". So, with 3.2.2, how do you "Protect CUI by Ensure(ing) that personnel are trained to carry out their assigned information security-related duties and responsibilities." True, each employee must know their job, such as DBA, and take courses to maintain, BUT the other half is Protect CUI. So how can you protect CUI if you don't know WHERE the CUI resides???? How do you know where CUI resides??? THE Data flow diagram!!! For a prime, where we had 600 applications, we had 600 Data flow diagrams and 38 hosting center diagrams. Are you getting this??? TO DO 3.2.2 properly, you MUST include the Data flow diagram that the employee employs with their job. Example, I am a DBA for SAP. I get my DBA training for database associated with SAP (there are several), PLUS I need my Data Flow Diagram - I created a training module for the prime just for 3.2.2: Simple: Employee could not take training without their Data flow diagram, then their training would reference the diagram through the training program. The training included definition on CUI, roles, then Where does the CUI come into with your program, Where does it reside?, is it integrated with other programs, printers, etc and Finally how does CUI leave the program. NOW your DBA is fully qualified to pass 3.2.2 and help protect your company's CUI. Just ask Mike Snyder of AB. I took the Trainer Training with him and he will know exactly who you are talking about. #cmmc #defensecontractors #cybersecurity #defense

MAGIC - "make a great impression on our customers" can start with one thing...in this case one person, one cow, and one community. New Jersey's Maria Schaffner from Heritage's Dairy Stores shares with Fiorenza's Food for Friends Founder #DerekFiorenza their history from The Great Depression to 32 Stores, giving to their communities and partnering with #F4 #sharingiscaring The Fiorenza's Food For Friends (F4) hashtag #F4 hashtag Please consider donating to support our mission and help the F4 team continue to hashtag #createaworldwithouthunger! hashtag #FoodInsecurityAwareness hashtag #donate hashtag #feedthehungry hashtag #hungerawareness hashtag #endhunger hashtag #foodinsecurity hashtag #health hashtag #volunteer hashtag #FoodRescue Al Strohmetz Michele Rist Michael Rist Michael Brookshire Edward Bonett Jason Litman, MBA John Trigg Phil Ciarrocchi Michael Jaconelli Martin Morfin Kelly Atwater Ted Zobian Marguerite Davis Laura Fitts Ryan Conte Isabella Ambrosino Eric Miller Derek Fiorenza - CFP?, C(k)P?, CPFA?, AIF?, PPC?

And you wonder how long will it take to get ready so you can take the CMMC certification for your Machining and Engineering systems? With CMMC around the corner, how long will it take your company to get ready for the certification process? Well, you must consider the following, each of which increase your timeline into 2025: 1. Besides Office 365 applications, you use other applications, such as CAD. 2. Your firm has CnC machines utilized in your manufacturing process. 3. You develop your own applications and/or business processes. 4. You don’t know if your subs are certified. 5. You share CUI with other companies. 6. You print CUI. Reach out and I can assist you on your path... Remember, there many CMMC RP and other assessment companies in the market. If you want some advice, just reach out. I look at your company on the long-term haul, not just to get you certified and bye. As I have stated in other postings, there are "Wise" people, "A"mira people and o"k"ay kyle and kelly people that can assist too. What a great CMMC community we have! Thanks to Fernando, Stuart, Terry, Chris, Steve, Ozzie, Jeremy, Beth, Robert!!! #cmmc #defensecontractors #cybersecurity #DoD

So CMMC timeline keeps ticking... On August 7, 2024, the Office of Information and Regulatory Affairs (OIRA) concluded its review of the 48 CFR proposed CMMC rule. Are you ready??? #CMMC #defensecontractors #cybersecurity #dod

I have created quite of bit of risk analysis for many verticals. I have spent years with banks, govt agencies (DoD), insurance companies, etc to help them establish risk basis for various factions. You "REALLY" have to know the business to do risk analysis, but without risk knowledge, you can't help the business. With CMMC, my background with manufacturing, software development, project management, etc, my risk analysis is always a two-way street. Meaning that the business has to want to see their risk to help you assign the risk. For CMMC that means SP 800-161 comes into play... Supply Chain Risk Management. The guidance has for "Systems" and "Companies", which means the products and services a company provides with the associated systems are in-scope for the risk analysis. This is a true integration, Cybersecurity's implementation plans, policies, plans and the associated Risk Assessments. Have you applied your risk yet??? #DOD #CMMC #defense #defensecontractor

Look at the AI article... see how defense is impacted with AI. AI, put at the right use, can be resourceful and bountiful!!! #cmmc #defense #cybersecurity

Advanced Digital Health Boosting Experiences

Well, here we are in CMMC land where activity is picking up, but many contractors are still sitting on the sideline... "Waiting, waiting, waiting...". I truly feel sorry for the contractors, because they have had a rough road. They do not trust the CMMC marketplace saying... "Now, now, now...". CMMC was supposed to be out 2022/2023, but now it is 2025! In a phased roll out... The problem with the phased roll out is that if you want to bid on any contract or be a sub, you will have to be certified. So much for a phased roll out. I have a unique approach that saved millions for a prime and thousands for small contractors. I am speaking at the Cyber week at University of Maryland/Baltimore - Wednesday the Cyber Trust Mark Day.