In this month's session (the November webinar and all prior webinars remain available), we aim to address:
- Newly Available FutureFeed Resources
- Published Perspectives
- Events (Partners & Ours)
- Platform Updates for CMMC 2.0 (FutureFeed 2.0)
- CMMC 2.0 Controls
- CMMC 1.0 Deprecated (but still available)
- SPRS Score to Measure Progress
- NIST 800-171 View Returning
Mark Berman - CEO, FutureFeed.co
- Mr. Berman was one of the founding board members of the CMMC-AB.
Jim Goepel - Director of Education and Content, General Counsel
- Mr. Goepel was the Founding Director and Former Treasurer of the CMMC-AB, and is a Professor of Cyber Security at Drexel University.
For those interested, the Powerpoint used in the presentation is available here: DEC 2021 FutureFeed User Presentation.pdf
05:32 Website Update
- Latest Perspectives Section - send your thoughts to email@example.com.
- Events Section - if you would like us to publish your upcoming speaking events on our website, send your details to firstname.lastname@example.org.
- Marketplace - if you would like assistance with your compliance efforts, check the listings available from our consultant and MSP partners. Contact email@example.com to be invited to the Marketplace.
10:37 CMMC 2.0 & Updated SPRS Score Layout
- Announced 04-NOV-2021
- OUSD A&S site updated; many revisions
- Still waiting for critical information
- “The Department intends to post the CMMC 2.0 model for Levels 1 and 2, their associated Assessment Guides, and scoping guidance to this website in the coming weeks for informational purposes.”
- Consolidating from 5 tiers to 3
- Aligns CUI controls with NIST
- Level 2 (“Advanced”) eliminates “Delta 20” requirements from (former) Level 3 to align with 110 NIST SP 800-171 controls
- Level 3 (“Expert”) will be based on a subset of NIST SP 800-172 controls
The FutureFeed 2.0 upgrade to align with CMMC 2.0. Details regarding CMMC 2.0, announced on 04 NOV 2021 are available here: OUSD A&S - Cybersecurity Maturity Model Certification (CMMC) (osd.mil). The site is robust and easily consumed. It is a FutureFeed recommended read.
FutureFeed Change Listing:
- NIST 800-171 has been eliminated as a separate view given that CMMC Level 2 Advanced has the same controls. All CMMC Levels have been renumbered to reflect the new numbering scheme. When DoD releases the CMMC 2.0 Assessment Guide(s), scoping guidance, and related documents, we will update the CMMC practices and domains.
- Separate scoring and progress for NIST 800-171 has been eliminated. The new scoring box is entitled CMMC SPRS Score and has been reformatted to include a slider so that the user can visually see progress towards the goal of 100% compliance.
- CMMC v1.0 Levels 1-5 have been deprecated but remain available as additional views. While they are no longer part of the CMMC standard, many organizations may find value in practices that have been eliminated, so these practices are still referenceable. Additionally, many industry experts find the CMMC v1.0 processes to be a valuable best practices guide, and thus they remain available in the deprecated views.
- Currently CMMC Level 3 Expert is not available, pending further direction from DoD.
- The team compliance dashboard, the presentation and deliverables, and all reports have been updated to reflect the changes listed above.
- The FutureFeed platform has also been updated to reflect DoD’s CMMC 2.0 color scheme: Pink reflects CMMC Level 1 and Bright Green CMMC Level 2.
- Guidance from the DoD CMMC 2.0 website has been captured and placed in the platform in a context-sensitive manner. This will be an ongoing process.
Conforming updates to the FutureFeed.co platform already underway.
26:32 Platform Updates
- Project Builder Filter - CMMC 2.0v Level
- Import Mechanism
- Vulnerability Scans in the Assessment
- Inventory Items and Individuals - Spreadsheets, CSVs, XML files