Given the choice, most companies would choose a self-assessment over a third party assessment. Isn’t that what CMMC was trying to get away from? The decision of whether a company can self-assess for a Level 2 assessment or if a contract requires a third-party C3PAO assessment is determined by the specific requirements stated in the...
Tag: Assessment
Post
The CMMC Rule and Plans of Action & Milestones (POA&M)
One of the things that I wanted to see in the CMMC Rule was more clarity on utilizing Plans of Action and Milestones (POA&M) for companies that do not fully meet all 110 requirements during their assessment. I’m continuing to dive into the CMMC rule…it’s freaking long. Here is what it says about POA&Ms, the...
Post
The CMMC Rule is FINAL!
Woooohoooo, the long awaited CMMC Rule will be published on the Federal Register on October 15, 2024. The Wrightbrained team has spent some time looking at the document. Clarifications are a big theme. Everyone in the CMMC ecosystem had a lot of questions and there were several that stood out as the most common. I...
Post
VerySecure UAV’s On-Site CMMC Assessment – Physical Security & related domains
Disclaimer: This story is entirely fictional. Any resemblance to actual persons, living or dead, or actual events, or actual companies is purely coincidental and unintended. The characters, companies, and events portrayed are purely a work of fiction. Jil Wright, a Certified CMMC Assessor, has provided this narrative to offer organizations seeking certification an example of what...
Post
CMMC Assessment – SI Domain – MakeBelieve Manufacturing
Disclaimer: This story is entirely fictional. Any resemblance to actual persons, living or dead, or actual events, or actual companies is purely coincidental and unintended. The characters, companies, and events portrayed are purely a work of fiction. Jil Wright, a Certified CMMC Assessor, has provided this narrative to offer organizations seeking certification an example of what...