CMMC study guide | Questions & Answers (100% Score) Latest Updated 2024/2025 Comprehensive Questions A+ Graded Answers | 100% Pass

  • August 3, 2024
VasilyKichigin


What does CMMC stand for? - ✔✔Cybersecurity Maturity Model Certification



What is CMMC? - ✔✔A cybersecurity compliance mandate, required by the US DoD of orgs that serve
the DoD (prime contractors and their subcontractors)



Who mandated CMMC? What org runs the CMMC program? - ✔✔US DoD. Cyber AB runs it.



Who is subject to CMMC? - ✔✔Private sector orgs in the DIB (& higher Ed that obtain DoD research
grants with CUI)



What is the purpose of CMMC? - ✔✔The DoD's goal is to strengthen the cybersecurity posture of their
suppliers and protect controlled unclassified info (CUI)



What is the acronym for the data that the DoD is seeking to protect? What does the acronym stand for?
- ✔✔CUI; Controlled unclassified information



What set of standards is CMMC based upon? - ✔✔NIST 800-171



What is the acronym for the companies that will perform CMMC audits? What does this acronym stand
for? - ✔✔C3PAO - Certified Third-party assessment organizations.



What are at least (3) major reasons that a DIB org should want to self-attest truthfully and/or be
compliant with CMMC? - ✔✔Not awarded contract work / DOJ ramifications / contract termination or
suspension / False Claims Act violations / fines and penalties.



How many domains are part of NIST 800-171? - ✔✔14



Name 6 of the domains. - ✔✔Access control, awareness and training, audit and accountability,
configuration management, identification and authentication, incident response, maintenance, media
protection, personnel security, physical protection, risk assessment, security assessment, system and
comms protection, system and information integrity.



How many controls comprise 800-171? - ✔✔110



Each control has 2 primary components and they are ———— and ————. - ✔✔Policy & practice



NIST does not "weight" the criticality of any particular security control, but the DoD has. How does this
weighting / prioritization system work? - ✔✔Assessment methodology. Scale of 1, 3, or 5. 1 being lowest
and 5 being highest and most critical. No POAMs for 5.



What is the primary document that outlines any DIB's cyber program? - ✔✔Systems and Security plan -
SSP



What are at least (3) things that would be discussed in this document? - ✔✔Security policies, roles and
responsibilities; details of the different security standards and guidelines that the org follows; identifies all
its hardware and the software installed on the system; includes high-level diagrams that show how
connected systems talk to each other.



Provide an example of policy and practice. - ✔✔Policy: user must reset password every x days and the
password must contain certain parameters.

Practice: sys admin creates the rules to remind users.



How many levels did CMMC 1.0 have? - ✔✔5



How many levels are in CMMC 2? How many controls? How many objectives? - ✔✔3 levels, 110 controls,
320+ objectives



What is the difference between a control and an objective? - ✔✔Control = security control that must be
met to be compliant. Objectives are the criteria within a control that are auditable.
