From the Spring 2023 Issue

How It Started and How It’s Going: CMMC Rule-Making Processes in Flux

Author(s):

Guy M. Bilyou, Cybersecurity Lead / ArCybr Lead Assessor, ArCybr

CMMC Rule Making Proccess

“Fits and starts” is the cliche that comes to mind when considering the rocky roll out of the National Institute of Standards and Technology’s (NIST’s) Cybersecurity Maturity Model Certification (CMMC). Throughout the development of CMMC, numerous aspects have changed – the definitions, characteristics, and controls; the way organizations will be assessed; and even the requirements … Read more

From the Winter 2023 Issue

Writing Effective Policies for CMMC 2.0 Compliance

Author(s):

Guy M. Bilyou, Cybersecurity Lead / ArCybr Lead Assessor, ArCybr

writing-cmmc-2-policies

Wading through a CMMC 2.0 assessment preparation can remind one of driving through a thick fog with obstacles and hazards appearing and mere seconds to react. One way to cut through the fog of preparation is a technique that involves the writing and revising of policies and procedures based on a well-organized System Security Plan … Read more

From the Fall 2022 Issue

Are You Prepared to Meet the CMMC Guidelines? Advice on How to Ready Your Organization

Author(s):

Guy M. Bilyou, Cybersecurity Lead / ArCybr Lead Assessor, ArCybr

ArCybr-CMMC

CMMC. If you work as a U.S. defense contractor, chances are you have heard this term thrown around since 2019. While the COVID-19 pandemic, changes in DoD leadership, and content revisions delayed roll-out of the CMMC program, it will be back on track for implementation by late 2023.  But what is CMMC? Are you ready … Read more