In this episode, Jacob speaks with CMMC assessor Dr. Thomas Graham.
Thomas is the Vice President and CISO at Redspin, a division of Clearwater, the first CMMC Third Party Assessor Organization (C3PAO)!
This episode has a lot of great information for the defense industrial base!
Here are some highlights from the episode:
- Redspin's experience becoming the first C3PAO
- Notable changes in NIST 800-171 r3
- CMMC challenges and misconceptions
- Tips for selecting the right CMMC consultant and assessor
- Other countries interested in CMMC
- Each phase of the CMMC assessment process
- What CMMC practices can be POA&M'd according to current guidance
- And more!
Follow Thomas on LinkedIn: / tgrahamphd
Redspin website: www.redspin.com
-----------
Governance, Risk, and Compliance (GRC) Academy is a training and research platform!
Online GRC Training: grcacademy.io/courses/?...
Need a FedRAMP authorized Password Manager?
Start a free 14-day trial of Keeper: grcacademy.io/ref/keeper/b2b-...
See the CMMC controls that Keeper meets: grcacademy.io/ref/keeper/cmmc...
00:00 Beginning
00:16 Dr. Graham's background
01:20 Story about Redspin becoming the first C3PAO
03:10 What is NIST 800-171?
05:58 Other federal agencies considering CMMC
07:35 What are NIST 800-171 Organization Defined Parameters (ODPs)?
09:05 When will CMMC adopt NIST 800-171 r3?
10:37 What is CMMC?
13:23 Common misconceptions businesses have about CMMC
16:25 CMMC compliance challenges
18:01 Other countries considering CMMC
20:02 Will other countries need their own C3PAOs?
21:33 Advice for hiring CMMC consultants
24:14 Advice for hiring CMMC assessors
26:16 CMMC Assessment Process - phase 1
28:13 CMMC Assessment Process - phase 2
30:41 CMMC Assessment Process - phase 3
32:08 CMMC Assessment Process - phase 4
32:50 What controls can be POA&M'd?
33:52 Conclusion
CMMC Insights with Redspin Assessor Thomas Graham