The entity that creates accredited content for use by Licensed Training Providers (LTPs) and that must develop at least one course whose content maps to 100% of exam objectives.
What is the Licensed Partner Publisher (LPP)?
These are the steps in the Risk Management Framework (RMF) Process following preparation of cybersecurity strategy at the organizational level.
What are Categorize IS, Select security controls, Implement security controls, Assess security control implementation, Authorize IS, Monitor security controls?
The regulatory authority that covers the Basic Safeguarding of Covered Contractor Information Systems, defines Federal Contract Information (FCI), lists requirements and procedures to safeguard FCI, and states responsibilities when delegating work to subcontractors.
What is FAR Clause 52.204-21?
Special Publication that aims to protect the confidentiality, integrity, and availability of CUI, and that outlines Enhanced Security Requirements for Protecting Controlled Unclassified Information.
What is the NIST SP 800-172?
Information that is not intended for public release, that is provided BY or generated FOR the Government under a contract to develop or deliver a service to the Government.
What is Federal Contract Information (FCI)?
These individuals or groups request consulting services to assist in their preparation for assessment.
Publication that is the foundation or basis for the design of NIST SP 800-171 and covers Security and Privacy Controls for Information Systems and Organizations.
What is NIST SP 800-53 - Security and Privacy Controls for Information Systems and Organizations?
Also thought of as "Cloud FISMA," the program for providers of government cloud services, which DoD requires at a Moderate or higher level for Cloud Service Providers (CSPs) that process, store, or transmit CUI for the DIB.
What is Federal Risk and Authorization Management Program (FedRAMP)?
Regulation that covers requirements for Safeguarding Covered Defense Information and Cyber Incident Reporting.
What is DFARS 252.204-7012?
An information system that is OWNED BY a contractor that processes, stores, or transmits Federal contract information.
What is Covered Contractor Information Systems?
These professionals prepare defense contractors for implementation and eventual preparation for CMMC Assessment through consulting services that include modules in FCI and implementation of CMMC Level 1 Framework.
Who are Registered Practitioners (RPs)?
Information that cannot be released to foreign nationals without first obtaining approval from the Dept. of State for items controlled by International Traffic in Arms Regulations (ITAR) or the Dept. of Commerce for items controlled by the Export Administration Regulations (EAR).
What is Export-Controlled Information (ECI)?
The five guiding principles of the CMMC CoPC.
What are professionalism, objectivity, confidentiality, proper use of methods, and information integrity?
Federal Regulation that defines controlled unclassified information (CUI) and its safeguarding.
What is 32 CFR Part 2002?
The worldwide industrial complex that includes DoD components and 100K+ companies and subcontractors, spans the globe, and beyond which the Defense Supply Chain (DSC) extends to include office equipment, food and janitorial services.
What is the Defense Industrial Base (DIB)?
Assessment team member who assesses CMMC Level 1 requirements and who must complete training from a Licensed Training Provider (LTP), obtain a CPN, take an exam, sign the Professional Code of Conduct (CoPC), and pass the DoD CUI Awareness Training.
Who is a Certified CMMC Professional (CCP)?
Assessment team leader or member who assesses CMMC Level 1 and 2 requirements, and who will have completed a DoD Suitability Application, successfully completed training, and completed three Level 2 assessments.
Who is a Certified CMMC Assessor (CCA)?
The number of domains in the CMMC Model and the number of domains that CMMC Level 1 is comprised of.
What are 14 domains and 6 domains that comprise CMMC Level 1?
The publication standard that discusses the protection of Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations.
What is NIST SP 800-171 Rev. 2?
Information that the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.
What is Controlled Unclassified Information (CUI)?
An objective and competent organization that is certified by CMMC AB to perform assessments of OSCs.
Who are CMMC Third-Party Assessment Organizations (C3PAOs)?
An established training organization that develops and delivers CMMC certification courses utilizing CAICO-certified instructors and Cyber AB-approved Training Material (CATM), provides Certified Training to the CMMC stakeholders, has been vetted by the CAICO, and has been approved to participate in the CMMC ecosystem.
Who are Licensed Training Partners (LTPs)?
Who are the Controlled Unclassified Information (CUI) Staff?
Regulation standard that requires a detailed self-attestation by ensuring DIB contractors report a DoD summary score of their NIST SP 800-171 compliance.
What is DFARS 252.204-7019?
This documents how NIST 800-171 security requirements are met and includes documents such as boundary diagrams, relationship connections with other systems, etc.
What is a Systems Security Plan (SSP)?