51 min

CMMC - Interview with FedRAMP Author and Architect, Dave Fairburn The SimpliCompliance Podcast


In this episode, Craig Willard, CMMC-AB Registered Practitioner, and Dave Fairburn, nationally known as the architect and author of the Federal Risk Authorization and Management Program (FedRAMP), talk about many enlightening topics regarding CMMC.

Questions:

• How did you become the Author and Architect of FedRAMP?

• With an increasing number of vendors offering CUI cloud storage that meets CMMC requirements, how can a contractor quiet the noise and pick a vendor that will be able to truly meet 800-171/CMMC requirements for storing CUI?

• If an OSC is seeking ML-1, even though documentation is not required, what are you, as a provisional Assessor, expecting to see documented in order to certify the OSC as ML-1?

• I’ve heard that the CMMC-AB is designating assessor data as CUI. Along that same vein, if an OSC is seeking ML-3 and they store validating documentation needed for the assessor in Dropbox or any other non-7012-compliant solution, would that also need to be considered CUI and stored within an environment meeting 7012 requirements?

• For ML-3, is data such as system vulnerability scans, user names, and associated privilege levels considered CUI?

• System vulnerabilities are noted in the archives as CUI; however, I’m hearing others say a contractor's system vulnerabilities on their CUI infrastructure are not CUI.

Dave Fairburn Contact Info:  

Dave.Fairburn@CyberPros.us
https://www.CyberPros.us
https://www.linkedin.com/in/dave-fairburn-cissp-pmp-cmmc-pa-cmmc-rp-93b87717/

If you need help with your CMMC Compliance, reach out to us:

www.WeSimplifIT.com
502-783-6630


---

Send in a voice message: https://podcasters.spotify.com/pod/show/simplicompliancepodcast/message
