CMMC 2.0 Is FINALLY Here - What Happens Next (with Stacy Bostjanick) скачать в хорошем качестве

CMMC 2.0 Is FINALLY Here - What Happens Next (with Stacy Bostjanick)

It’s been a long and wild ride on this CMMC ship! In this episode, I speak with Stacy Bostjanick who is the Director of the CMMC program at DoD CIO! 👉 Here are some of the highlights: ✅ Expectations for the initial phase in of CMMC ✅ Who determines CMMC levels for contracts? ✅ How will CMMC waivers work? ✅ Criteria for CMMC level 2 self-assessments and CMMC level 3 ✅ Early use of NIST 800-171 r3 And so much more! First mentioned in 2019, CMMC 1.0 was released in 2020. CMMC 1.0 was reviewed after the change in administration, they released CMMC 2.0 in late 2021, and then… There was a great silence. If you threw a small rock, you’d hit 27 people who thought CMMC was going away. All this time though, the DoD was quietly marching on. They released the proposed CMMC program rule in December 2023 and released the final CMMC program rule in October 2024 - which is now EFFECTIVE. After all of that, CMMC will FINALLY begin to phase into DoD solicitations and contracts by this summer. CMMC has been a LONG time coming, and it was an honor to hear the back story and why important decisions were made! What were your biggest takeaways? Let me know in the comments! Follow Stacy on LinkedIn:   / stacy-bostjanick-a3b67173   DoD CIO CMMC website: https://dodcio.defense.gov/CMMC/ ----------- Thanks to our sponsor Vanta! Want to save time filling out security questionnaires? Experience questionnaire automation here: https://vanta.com/grcacademy ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_so... #cmmc 00:00:00 Beginning 00:00:22 Stacy's Background 00:01:50 The History of the CMMC Program 00:08:29 Why was CMMC transitioned from OUSD (A&S) to DoD CIO? 00:09:36 The CMMC 1.0 to 2.0 revision 00:12:29 CMMC 2.0 Rulemaking 00:20:02 CMMC 2.0 - POA&Ms 00:21:41 CMMC 2.0 - Waivers 00:23:41 CMMC 2.0 - Phase 1 Changes 00:25:32 External Service Providers and Security Protection Data 00:29:04 CMMC level 2 self-assessment criteria 00:29:57 How CMMC levels will be determined 00:34:49 CMMC level 3 criteria 00:36:33 NIST 800-171 R3 early adoption 00:43:00 CMMC 2.0 assessments for NIST 800-171 R3 00:46:25 Prime contractor responsibility 00:47:34 Limiting the regulated data subcontractors receive 00:50:26 Efforts to Help Small Businesses 00:51:47 How Many Contractors are in the DIB? 00:53:46 CMMC Rollout - Phase 1 01:00:51 International Interest in CMMC 01:04:35 Lessons Learned 01:06:52 CMMC Expanding to Other Agencies 01:07:20 Conclusion