Time
1 hour 17 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:02
our next lesson and prepping for C. MMC now will review the framework definitions.
00:11
So in this video you'll learn about the Sea MMC Draft
00:17
version 07
00:20
the basics of the Nest, SP 801 71 which is the privacy data
00:27
document. And then we'll look at comparing the draft 0.7 against the 801 71.
00:36
And finally,
00:38
where is a far claws coming in effect with C MMC.
00:43
So see, MMC
00:46
draft 0.7
00:48
currently is reviewing as far as the accredited third party contractors that are out there
00:58
and then there are no poems
01:03
prior to going into the bidding process.
01:07
Next, there are five specific level requirements in the contract,
01:12
and the draft 0.7 has 173 controls.
01:19
Now these controls Mayberry. When Version one, the official version comes out because there was initially adopt for version
01:30
0.6 and the seven and the number of controls has definitely changed through the version. So probably a version one that will be changed in the controls
01:42
with the NUS SP 800 ash 1 71
01:48
the contractor uses at for their self assessment if they have a poem those air permitted. They just have the have as a poem
01:57
is stated as I plan of action and a milestone to be able to clear that poem.
02:06
And it's really unclear what's required by the contract right now, as far as what actually details that self assessment. And with C MMC, there will be further definition and a queer outline of what the contractors must dio.
02:27
They talk about 100 and 43 controls out of the 801 71. Then there's also 801 71 B, which they call Bravo, which gets into the higher
02:42
elements of cybersecurity. On and nose are pretty much reserved for the higher levels four and five off the contractors RFP so that if you're a contractor and
03:00
you are working with the F 45 or with one of the tanks
03:04
10 to 1, you'll have to be a level five
03:07
contractor with it. Because within the R, P E will state
03:13
that it is Level five on Lee.
03:17
So with the sea MMC access controls, I'm going to use access controls for the comparison between the draft 0.7 version and in this 801 71 so that you can see some of the similarities between their each what they call
03:37
in the level they have a practice.
03:39
And those are the practices that the contractor is to be satisfying.
03:47
And, as you can see with the access controls, they start with one P O. P. 1001 going to pee ones years or two, etcetera all the way to the P 1173
04:01
Then if we look at the f nist sp 801 71 their access controls, you can see how similar they are. The
04:13
this document here actually came out of the S P 801 71 it will for further delineates all the different domains that they review.
04:26
So with this CMM see kind of a preview,
04:30
it's for the defense industrial base, which is termed dib. So what's kind of review? A bit, currently, the contractor
04:41
is self assessing themselves. Many times I see that there are some tools that allow the contractor to do their self assessment.
04:53
And also contractors can have 1/3 party come in to do that. Help them with their self assessed, um
05:00
so going through this whole process will be changing.
05:03
Now instead of a self assessment, see MMC ISS setting up ah structure toe where they must comply and someone will actually be coming in to review.
05:17
How well are they secure? Are they really aligning with the sea MMC controls, which are reflected in the far causes and also in the SP 801 71 1 71 Bravo? It's with this
05:35
change that is occurring
05:38
off why you have to prepare now, because how you view yourself and how someone else views you could be drastically different. And this is where it's essential that the contractors reach out
05:54
and understand what the change is going to be. And when version one comes out, they'll have definitive guidance as far as what they should be aligning to. And when someone comes in to see if they're aligning to what is expected of that contractor

Up Next

CMMC Overview

This Cybersecurity Maturity Model Certification (CMMC) course provides an overview of how to prepare for future certification training, including its requirements and why it is important for contractors working with the Department of Defense.

Instructed By

Instructor Profile Image
Robert Ashcraft
IT Advisor for Regulatory / CMMC Environments at Corporate Visions
Instructor