Defense contractors aren't the only ones who need to implement NIST cybersecurity requirements for CUI. The big question has always been whether other agencies would require proof of implementation via the CMMC program. The GSA just revised their process for assessing nonfederal systems handling controlled unclassified information and it's way closer to NIST's Risk Management Framework than CMMC. CIO-IT Security-21-112r1 (PDF): https://www.gsa.gov/system/files/Protecting-Controlled-Unclassified-Information-%28CUI%29-in-Nonfederal-Systems-and-Organizations-Process-%5BCIO-IT-Security-21-112-Rev-1%5D.pdf Summit 7 Live San Diego: https://www.summit7.us/s7live

Sum IT Up: CMMC News Roundup

Summit 7

CMMC for GSA Contractors?

JAN 22, 202618 MIN
Sum IT Up: CMMC News Roundup

CMMC for GSA Contractors?

JAN 22, 202618 MIN

Description

<p>Defense contractors aren't the only ones who need to implement NIST cybersecurity requirements for CUI. The big question has always been whether other agencies would require proof of implementation via the CMMC program. The GSA just revised their process for assessing nonfederal systems handling controlled unclassified information and it's way closer to NIST's Risk Management Framework than CMMC.</p> <p> </p> <p>CIO-IT Security-21-112r1 (PDF): https://www.gsa.gov/system/files/Protecting-Controlled-Unclassified-Information-%28CUI%29-in-Nonfederal-Systems-and-Organizations-Process-%5BCIO-IT-Security-21-112-Rev-1%5D.pdf</p> <p> </p> <p>Summit 7 Live San Diego: https://www.summit7.us/s7live</p>