CMMC Spin Newsletter

May 2023

Welcome to the May edition of Redspin's newsletter! In this month's issue, we bring you:

• Important updates regarding NIST 800-171 r3, along with a special asset that delves into these updates and provides valuable insights for organizations seeking Cybersecurity Maturity Model Certification (OSCs seeking CMMC)
• A debrief of the recent CMMC Day event held on May 15th, highlighting some of the main themes discussed
• A new infographic showcasing the JSVAP roadmap to help guide you through the key milestones and checkpoints of the JSVAP journey

Do you have a CMMC plan??

No matter where you are on the CMMC path, we can help navigate. Here's a fresh roundup of resources covering the topics above and more.?

NIST 800-171 Rev. 3 - Insights for Defense Contractors

As the cybersecurity landscape continues to evolve, staying up-to-date with regulatory changes is crucial for defense contractors needing to protect their sensitive data and achieve CMMC compliance. The latest draft revisions to NIST 800-171, known as r3, have generated significant interest and raised questions among those on the path to achieving CMMC compliance given that CMMC is directly based on this set of standards.

To shed light on these draft updates and address the concerns of OSCs, we have released a new podcast episode. This episode dives into the draft revisions introduced in r3 and explores what steps organizations need to take and when. Our experts provide valuable insights to navigate the upcoming changes and provide their recommendations.?

?>> Listen to gain valuable knowledge about NIST 800-171 r3 updates and their impact on CMMC certification: Stream now

CMMC Day: A Recap - NIST SP 800-171 r3 & JSVAP as key discussion points

We had the privilege of participating in CMMC Day, an event that brought together industry experts, thought leaders, and organizations committed to cybersecurity excellence through CMMC.?

• One of the main themes that emerged was the significance of NIST SP 800-171 r3. While there has been a lot of talk surrounding this revision, many organizations have yet to fully grasp the implications it may have on their CMMC efforts. We encourage you to read through the draft, and provide comments up until the cut off of July 14th, 2023 - You can find a comment submission template, FAQs, and a detailed analysis of the changes here

• Another topic of discussion at the event was the Joint Surveillance Voluntary Assessment Program (JSVAP). It was highlighted as a viable alternative for organizations to avoid the need for compliance with NIST 800-171 r3. This process, under Revision 2, offers an avenue for organizations to maintain compliance for a few more years before transitioning to the updated standard - Experts emphasized that JSVAP presents a more straightforward and manageable path to CMMC compliance, providing organizations with additional time to prepare

JSVAP Roadmap - an informative infographic mapping your path to success

We are excited to announce the release of a new infographic that outlines the roadmap and process of the Joint Surveillance Voluntary Assessment Program (JSVAP) in support of organizations on their path to CMMC certification.

The graphic provides a step-by-step overview, guiding you through the essential milestones and checkpoints of the JSVAP journey. It offers valuable insights to help with your CMMC compliance efforts, giving you a clear picture of what lies ahead.

>> Explore the roadmap to success and gain valuable insights to optimize your CMMC process here.

How can we help?

If you have questions about your current CMMC engagement, or where to begin on your CMMC journey, contact us. We'd love to talk.