The Relationship Between CMMC and NIST SP 800_171 White Paper

March 12, 2021 Redspin, Inc.

Share this Flipbook
Facebook
Twitter
Email
LinkedIn

NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations) is a federal government standard the provides minimum requirements for non-federal agencies (i.e., Department of Defense contractors) to adequately protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).

In the past, self-attestation was the only requirement. As the threat landscape became more aggressive, an advanced cybersecurity maturity model, called the Cybersecurity Maturity Model Certification (CMMC) framework, was developed to improve the cybersecurity posture of the Defense Industrial Base (DIB) to adequately protect CUI/FCI.

About the Author

Redspin is a leading provider of risk assessments using various frameworks including NIST CSF, CMMC-AB, ISO 27001, PCI DSS, and healthcare cybersecurity consulting. We’ve helped many Fortune 500 and leading growth companies in highly regulated industries including government, financial, technology, and manufacturing improve their cyber readiness and resiliency through a strategic and proven approach to reduce cyber risks and safeguard sensitive information.
Follow on Twitter Follow on Linkedin Visit Website More Content by Redspin, Inc.

Four CMMC actions to take right now

Caleb Barlow, CEO of Cynergistek discusses ways to improve CMMC readiness once the DoD comes knocking.

Our Thoughts on CMMC Level 3 Assessments

As a candidate C3PAO undergoing our own Level 3 assessment by the Defense Industrial Base Cybersecurity Ass...

Other content in this Stream

CMMC Level 2 Bifurcation Rule

The Relationship Between CMMC and NIST SP 800_171 White Paper

About the Author

Previous Article

Next Article

Other content in this Stream

Certain changes to the CMMC model caused some controversy, but made sense in the larger picture of Cybersecurity, such as the model scaled down from five levels to three.

The CMMC-AB has limited organizations that can provide CMMC training under the established, Licensed Training Partner (LTP) program.

The DoD has issued a long-awaited statement regarding updates to its Cybersecurity Maturity Model Certification (CMMC) program, and this newly announced CMMC 2.0 program has some indicated...

Learn how PreVeil and Redspin can help your CMMC compliance strategy.

Carrie Mulcahy, VP of Marketing at Redspin provides non-I.T. insight into what goes on during a CMMC Level 3 assessment interview. She talks with Dr. Thomas Graham about her role as well as the...

Carrie Mulcahy, VP of Marketing at Redspin provides non-IT insight into what goes on during a CMMC Level 3 assessment interview. She talks with Dr. Thomas Graham about her role as well as the marketin

If you're an Organization Seeking Certification (OSC), want to become a CMMC Certified Assessor, or want to become a Certified CMMC Professional (CCP) for resource and guidance purposes start by...

Redspin's CISO and CMMC Registered Practioner Dr. Thomas Graham, and CMMC Provisional Assessor Tony Buenger share a third lesson Redspin learned while going through the CMMC Level 3 assessment...

Redspin's CISO and CMMC Registered Practioner Dr. Thomas Graham, and CMMC Provisional Assessor Tony Buenger share a third lesson Redspin learned while going through the CMMC Level 3 assessment...

We break down MSPs in relation to CMMC assessments when most companies rely on some form of third-party assistance, whether from a Cloud Service Provider (CSP) or a Managed Service Provider (MSP).

We break down CSPs, what they are and how they can help achieve your organization's goals. In this edition, we cover cloud service provider (CSP) requirements with respect to CMMC.

When preparing for a CMMC assessment, whether it be Level 1 or Level 3, we at Redspin advise organizations seeking certification on how GCC-High and a VDI environment can help.

Redspin's CISO and CMMC Registered Practioner Dr. Thomas Graham, and CMMC Provisional Assessor Tony Buenger share the second of four lessons Redspin learned while going through the CMMC Level 3...

As the 1st organization to pass a CMMC Level 3 assessment, Redspin’s CISO, Thomas Graham, and CMMC Provisional Assessor, Tony Buenger share a few lessons learned from Redspin’s CMMC Level 3 Assessment

Redspin's CISO and CMMC Registered Practioner Dr. Thomas Graham, and CMMC Provisional Assessor Tony Buenger share the first of four lessons Redspin learned while going through the CMMC Level 3...

Redspin, a division of CynergisTek, is the first organization to successfully pass the CMMC Level 3 certification as a Candidate CMMC Third Party Assessor Organization (C3PAO).

In this episode, we introduce CMMC-Spin a bi-weekly feature that delivers CMMC content directly to your inbox. Redspin's CISO, Dr. Thomas Graham, CMMC Sales Director Jeremy Mares, and CMMC...

Caleb Barlow, CEO of Cynergistek discusses ways to improve CMMC readiness once the DoD comes knocking.

As a candidate C3PAO undergoing our own Level 3 assessment by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), this experience has provided our team here at Redspin with insights.

We are shifting gears away from CMMC content this week and bring you an episode focused on the ever-exciting topic that is pen-testing. Ben Denkers of Redspin and Patrick Guay of Pcysys join us...