CMMC, NIST, CUI, & DFARS News and Analysis for February 2023

CMMC, NIST, CUI, & DFARS News and Analysis for February 2023

In this episode Jacob and Jason discuss their takeaways from the February Cyber AB Town Hall. This month saw some amazing questions on #CUI, working with #DoD CIO, continuous monitoring, the cost of assessments, and #CMMC rulemaking. They also give their thoughts on the Project Spectrum feature segment of the Town Hall. Jacob and Jason also provide an overview and their takeaways from the newly released 2023 National Cybersecurity Strategy and what it means for defense contractors and CMMC.

***CORRECTION 3/3/2023: DOUBLE CHECK YOUR PROJECT SPECTRUM SELF-ASSESSMENT ANSWERS FOR PARTIAL SCORING AND SYSTEM SECURITY PLANS***

Episode Links:

Cyber AB Town Hall: https://cyberab.org/News-Events/Town-Halls

CMMC Rulemaking Overview: https://youtu.be/in69ORYRx4Y

Project Spectrum: https://www.projectspectrum.io/#/

DHS CSET Assessment Tool: https://www.cisa.gov/stopransomware/cyber-security-evaluation-tool-csetr

DHS CUI Rule: https://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202210&RIN=1601-AA76

NIST SP 800-53: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

“Common” Controls: https://csrc.nist.gov/glossary/term/common_control

“Hybrid” Controls: https://csrc.nist.gov/glossary/term/hybrid_control

“Inheritance”: https://csrc.nist.gov/glossary/term/inheritance

FedRAMP Baselines: https://www.fedramp.gov/baselines/

DoDI 5230.24 (PDF): https://www.esd.whs.mil/portals/54/documents/dd/issuances/dodi/523024p.pdf

CUI Registry: https://www.archives.gov/cui/registry/category-list

CUI Overview: https://youtu.be/bEW7VgbIE_8

CMMC Level 1 Guide: https://www.microsoft.com/cms/api/am/binary/RE54xON

National Cyber Strategy: https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/

Cyber Strategy Overview: https://www.youtube.com/watch?v=6Fwtvcf2A2c

Sector Risk Management Agencies: https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/defense-industrial-base-sector

Vital Signs 2023 Report: https://www.ndia.org/about/press/press-releases/2023/2/8/ndia-president-urges-congress-to-ready-defense-sector-for-great-power-competition

State of the DIB Testimony: https://youtu.be/n62KE-1yQu4