Cybersecurity Maturity Model Certification (CMMC) – What to make of the rumors of change

by | Oct 25, 2021

Executive Summary:

If you’ve heard rumors of significant changes expected to CMMC, here’s a video to help sort it out. How to make use of this calm before the storm? What can be done in the interim with confidence it will be relevant moving forward?

Read More:

It’s likely there will soon be more accountability for cybersecurity requirements in contracts with the U.S. Department of Defense (DoD). We start by looking at what is driving the continued sense of urgency. Then we examine the requirements that won’t change because they’re already included in DoD contracts now and how that’s different from CMMC.

While the Department of Defense is currently reviewing the CMMC program, those in the know are clear that current contract requirements will be the foundation for whatever comes next.

This video clears the fog and gets down to the facts using original sources from the DoD and the CMMC-Accreditation Body (CMMC-AB).


  • Why this? Why now?
  • What’s required now and why?
  • What’s new about what’s required now?
  • How is that different from CMMC?
  • How is the CMMC framework different from the CMMC model?
  • What’s the timeline?

More Field Notes

Configuration Assurance – Naming the Elephant

Configuration Assurance – Naming the Elephant

This is the story of a dilemma solved. A Chief Information Security Officer (CISO) had time and again discovered problems with patching and configuration settings not matching agreed upon standards.

The Rapidly Changing Role of the CISO

The Rapidly Changing Role of the CISO

Actionable distinctions about CISO responsibilities and the skills to master them have been identified by executive recruiters. These distinctions go beyond staffing; they also describe behaviors that increase overall InfoSec maturity.

Secure the Perimeter

Secure the Perimeter

23 Workstreams over 2 years deployed many technologies and policy changes in support of a “Defense In Depth” InfoSec strategy