CMMC Documentation | CMMC Cybersecurity
In this video, I am interviewing Amira Armond, owner of Keiri Solutions. We had a discussion over the following Subjects:
-cmmc levels explained
-documentation with cmmc compliance
-What is the expectation of “Policies” documentation at level 2 and above?
-What is the expectation of “Plan” documentation at level 3 and above?
-What is the difference between documentation used for evidence and policies?
Something I noticed when I was looking for information on Documentation With CMMC was the absence of relevant info.
Documentation With CMMC nevertheless is a subject that I know something about. This video therefore should be relevant and of interest to you.
The Cybersecurity Maturity Model Certification (CMMC) for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss process documentation, a Level 2 requirement.