Home » Featured Resources » The Relationship Between CMMC and NIST SP 800_171 White Paper

× Share this Presentation

Facebook
Twitter
Email
LinkedIn

The Relationship Between CMMC and NIST SP 800_171 White Paper

March 12, 2021 Redspin, Inc.

Share this Flipbook
Facebook
Twitter
Email
LinkedIn

NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations) is a federal government standard the provides minimum requirements for non-federal agencies (i.e., Department of Defense contractors) to adequately protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).

In the past, self-attestation was the only requirement. As the threat landscape became more aggressive, an advanced cybersecurity maturity model, called the Cybersecurity Maturity Model Certification (CMMC) framework, was developed to improve the cybersecurity posture of the Defense Industrial Base (DIB) to adequately protect CUI/FCI.

About the Author

Redspin is a leading provider of risk assessments using various frameworks including NIST CSF, CMMC-AB, ISO 27001, PCI DSS, and healthcare cybersecurity consulting. We’ve helped many Fortune 500 and leading growth companies in highly regulated industries including government, financial, technology, and manufacturing improve their cyber readiness and resiliency through a strategic and proven approach to reduce cyber risks and safeguard sensitive information.
Follow on Twitter Follow on Linkedin Visit Website More Content by Redspin, Inc.

Four CMMC actions to take right now

Caleb Barlow, CEO of Cynergistek discusses ways to improve CMMC readiness once the DoD comes knocking.

Our Thoughts on CMMC Level 3 Assessments

As a candidate C3PAO undergoing our own Level 3 assessment by the Defense Industrial Base Cybersecurity Ass...

Other content in this Stream

FAQs about MSPs & CMMC

We break down MSPs in relation to CMMC assessments when most companies rely on some form of third-party assistance, whether from a Cloud Service Provider (CSP) or a Managed Service Provider (MSP).

Read Article

Cloud Service Providers & CMMC: Do they Mix?

We break down CSPs, what they are and how they can help achieve your organization's goals. In this edition, we cover cloud service provider (CSP) requirements with respect to CMMC.

Read Article

How GCC-High and a VDI Environment Can Help Clarify your Scope for Meeting CMMC Requirements

When preparing for a CMMC assessment, whether it be Level 1 or Level 3, we at Redspin advise organizations seeking certification on how GCC-High and a VDI environment can help.

Read Article

14:05

CMMC Level 3: Four Lessons Learned From an Authorized C3PAO - Part 1

As the 1st organization to pass a CMMC Level 3 assessment, Redspin’s CISO, Thomas Graham, and CMMC Provisional Assessor, Tony Buenger share a few lessons learned from Redspin’s CMMC Level 3 Assessment

Watch Video

CMMC Level 3: Four Lessons Learned from an Authorized C3PAO- Lesson 1

Redspin's CISO and CMMC Registered Practioner Dr. Thomas Graham, and CMMC Provisional Assessor Tony Buenger share the first of four lessons Redspin learned while going through the CMMC Level 3...

Read Article

Redspin Announces it is the First Organization to Pass DoD’s Cybersecurity Maturity Model Certification Level 3 Assessment

Redspin, a division of CynergisTek, is the first organization to successfully pass the CMMC Level 3 certification as a Candidate CMMC Third Party Assessor Organization (C3PAO).

Read Article

How to Effortlessly Keep Up With CMMC News & Updates

In this episode, we introduce CMMC-Spin a bi-weekly feature that delivers CMMC content directly to your inbox. Redspin's CISO, Dr. Thomas Graham, CMMC Sales Director Jeremy Mares, and CMMC...

Read Article

Four CMMC actions to take right now

Caleb Barlow, CEO of Cynergistek discusses ways to improve CMMC readiness once the DoD comes knocking.

Read Article

Our Thoughts on CMMC Level 3 Assessments

As a candidate C3PAO undergoing our own Level 3 assessment by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), this experience has provided our team here at Redspin with insights.

Read Article

Continuous Pen-Testing: What is it & Why is it Awesome?

We are shifting gears away from CMMC content this week and bring you an episode focused on the ever-exciting topic that is pen-testing. Ben Denkers of Redspin and Patrick Guay of Pcysys join us...

Read Article

The RP Episode

In this episode, get to know a few of our diverse group of CMMC Registered Practitioners, also known as "RPs", many of whom you may already be familiar with as they have been consulting with...

Read Article

0:36

Caleb Barlow Discusses Randsomware

Watch Video

Your CMMC Questions, Answered - Part 1

You asked the questions and in this episode, we answer them! This week, Tony Buenger responds to audience questions that were asked during March 25th, 2021's "Maneuvering Through The Minefield of...

Read Article

Offensive Security Services

Redspin's offensive security services test an organization's environment and people to validate the effectiveness against cyber attacks.

Read Flipbook

CMMC Scoping Environment

Scoping determines the boundaries where Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) is stored, processed, and exchanged within the Department of Defense (DoD).

Read Flipbook

Redspin Talks With Helve Longoria, CISO at FIU About CMMC

This week, special guest Helve Longoria, the CISO at Florida International University (FIU) joins Tony and Rob on the discussion of FIU needing a CMMC assessment.

Read Article

Microsoft Exchange Server Breach

In this infographic, we depict Microsoft Exchange Server Breach response procedures if exploitation activity is discovered.

Read Article

8:29

All Things CMMC from a C3PAO - Part 4 Preparing for a CMMC assessment

CynergisTek’s Director of Security Services, Dave Bailey sits down with Capability Maturity Model Certification (CMMC) Certified Provisional Assessor Tony Buenger, and CMMC Registered Practitioner Rob

Watch Video

Getting to Know Tony Buenger, CMMC Provisional Assessor

In this episode, we feature Tony Buenger to discuss his journey career and discuss what cybersecurity, compliance, and privacy mean to him.

Read Article

8:52

All Things CMMC from a C3PAO - Part 3 The CMMC Process

CynergisTek’s Director of Security Services, Dave Bailey sits down with Capability Maturity Model Certification (CMMC) Certified Provisional Assessor Tony Buenger, and CMMC Registered Practitioner Rob

Watch Video

Return to Home

The Relationship Between CMMC and NIST SP 800_171 White Paper

About the Author

Previous Article

Next Article