NIST 800-171/CMMC Resources
Resources, Templates, and Guides
State of the State for CMMC and its Impact on MSPs - December 13, 2022
Matt Hoeper of Edwards Performance Solutions gives OTX Roundtable GRC members an update on the latest news regarding the CMMC program and how it may affect MSPs with clients in the Defense Industrial Base (DIB). Matt provides insight into how the role of the MSP intersects with that of the contractor, and how the scope of a CMMC Assessment might involve the services of the MSP. Matt describes how the anticipated interim rule will be rolled out and the timeline for compliance. The group discussed the costs associated with CMMC compliance, a major concern for both smaller defense contractors and the MSPs that serve them.
Free on-line training on CMMC/NIST 800-171 basics
Summit 7: Seven Steps to CMMC Compliance
A YouTube playlist with a high-level explanation of the steps and timelines for small and medium businesses to achieve CMMC compliance
DoD Official CMMC 2.0 Landing Page
Definitive source for information regarding CMMC 2.0 directly from the Department of Defense
CMMC 2.0 Shared Responsibility Matrix Template
Sample template for a Shared Responsibility Matrix for MSPs to fill out with their clients
CMMC Assessment Process Guide - DRAFT - July 2022
This is a good preview of the process that the Cyber AB (formerly the CMMC-AB) is developing for conducting CMMC assessments. This is a DRAFT of the proposed CMMC Assessment Process (CAP) Guide. This guide has not been endorsed by the Department of Defense and is not yet authorized for use in CMMC Assessments.
NIST Guide book with detailed control definitions
NIST 800-171A Assessment Guide
Assessment guide that details each control and determination statements
NIST 800-171 Assessment Template
Excel Spreadsheet to track status of compliance by control
Overview guide of the CMMC Model
CMMC 2.0 Level 1 Self-Assessment Guide
Assessment guide for the subset of 800-171 controls and determination statements applicable to CMMC 2.0 Level 1
CMMC 2.0 Level 1 Assessment Scope Guide
Defines the scope the Self-Assessment will be looking at for CMMC 2.0 Level 2
CMMC 2.0 Level 2 Assessment Guide
Assessment guide for the subset of 800-171 controls and determination statements applicable to CMMC 2.0 Level 2
CMMC 2.0 Level 2 Assessment Scope Guide
Defines the scope Assessors will be looking at for CMMC 2.0 Level 2
Extensive glossary of terms around CMMC
FAR and Above phased adoption approach
Five-phase structured approach to attaining compliance developed by the CMMC Information Institute
CMMC Center of Awesomeness (COA)
Informative (and entertaining) website with lots of information and free resources
Spreadsheet developed by COA for self-assessment of CMMC 2.0 compliance. Includes mapping to other security frameworks. Also includes recommended tools depending on the size of the organization
Information on CMMC critical to MSPs delivered in an entertaining (and crass) way
Microsoft Learn: “Getting Started with Microsoft for CMMC”
Free course available on Microsoft Learn Platform
Supplier Performance Risk System (SPRS) Overview Training Video
37-minute video providing an overview of what SPRS is, how to navigate the website, and how to enter your information
Shared Responsibility Model (Video)
Excellent 77-minute video explaining the importance of the shared responsibility matrix for the relationship between the contractor, the MSP, and the MSP's third-party vendors
Five Ways to Fund CMMC Certification
Sources of funding to help defray the costs of obtaining CMMC Certification