CMMC Index
Have questions about CMMC? Confused by the number of acronyms and terms? This index will provide guidance and resources to dive further into CMMC.
CMMC
CUI
Controlled Unclassified Information (CUI) is data that is entrusted to contractors in order to carry out DIB contracts. This data is created, transmitted, or stored by contractors and must be secured. This data's security contributed to the overall security posture of the nation.
FCI
Federal Contract Information (FCI) is information that is not intended for public release and contains details on contracts.
NIST 800-171
NIST 800-171 is the framework that CMMC is founded on. It consists of 110 controls with 320 assessment objectives that contractors must adhere to in order to be considered compliant. These requirements have been in place since 2017, but CMMC required third-party audits to ensure compliance.
SPRS Score
An organizations SPRS score is a score that represents how accurately they've implemented the controls within NIST 800-171. In order to pass, a contractor must score a perfect 110.
Defense Industrial Base (DIB)
The Defense Industrial Base (DIB) is a network of organization that provides products or services to the federal government. These services contribute to the nation's defense and require a certain level of security.
GRC
GRC stands for Governance, Risk, and Compliance. Every contractor should have a GRC that documents the actions being taken to reduce risk, remain compliance, and govern who is responsible and how controls are implemented.
SRM
A Shared Responsibility Matrix (SRM) is a document that outlines the compliance relationship between a contractor and their service provider. It details whose responsibility each control belongs to, and which ones are shared.
RMP
RMP or Risk Management Program is how you organization deals with risk that is present within your IT systems. What controls do you have in place to mitigate them? Who is in charge of doing so, etc.?
ITAR
ITAR stands for International Traffic in Arms Regulations and is a set of regulations regarding the export and import of defense-related articles, services, and technical data.
Additional Resources
Achieving Excellence: First CREST-Accredited CIS Controls Organization
Corporate Information Technologies (CorpInfoTech) has established itself as a leader in...
Cybersecurity Risks for SMBs
Despite what many may think, small-medium sized businesses (SMBs) are at an increased risk of being...
Cybersecurity Awareness Month 2024
Every October the Cybersecurity and Infrastructure Security Agency (CISA) celebrates cybersecurity...