Time
1 hour 17 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:00
Prepping for CMMC. Now let's look at the POA&M.
00:05
So what is a POA&M? A POA&M is, you have within your self-assessment that you're doing now, and going down to the CMMC, if you do not satisfy one of the practices or controls,
00:23
then you have a deficiency.
00:26
And so you have to have a
00:30
plan of action and a milestone, meaning when will you go and have that
00:38
fixed? So, for example, let's take access control
00:44
to where you have minimum eight characters, but you do not have complexity set.
00:51
So within your critical applications or if it's within your domain, you have to figure out one.
01:00
How long is it gonna take to get that fixed? If it's on the domain, it'll probably be fairly quick. If it's within a critical application, depending upon who's supporting that application, it may take a month or so to be able to fix it. So you would have a plan of action
01:21
with the date that you're gonna have it fixed and who will be
01:25
assessed with fixing that POA&M.
01:30
So who actually creates the POA, the plan of action? And that, within each contractor's structure, can be different. So within it, if you have a third party who has the managed services, you can work with them where they would help
01:49
create that plan of action for you. If you have IT capability within your structure, then the person, whether CIO, manager of IT, or CISO, will go and create that plan of action.
02:09
Then the next thing is, you go, okay, so what's an acceptable milestone?
02:15
Currently, with the milestones, you could potentially, I guess, have six months or a year. Some of the
02:23
deficiencies that are out there could actually require a new piece of software.
02:30
It could be that you have to wait for the next version to come out that will actually fix that deficiency with it.
02:38
But
02:38
now with the CMMC,
02:43
POA&Ms are not allowed
02:46
and they must all be closed to be able to get that certification. And this is probably one of the biggest stumbling blocks that I have
02:58
noted in my talks with some of the contractors and also third parties. And this actually goes back because, what if you have to put a new application in to be able to satisfy that POA&M? What if it's going to take some time? So that's why,
03:15
in looking at the POA&Ms, you've got to go and look at your structure. Now
03:22
go and bring in, work with your third party. Work with another
03:27
pre-assessor type person to be able to go in and, you know, what is actually wrong within your infrastructure.
03:37
Don't rely just on yourself, because you need another set of eyes working at your infrastructure and saying, you know,
03:46
this one area that you have it could be with backups. It could be with communications of VPN.
03:54
This may not be acceptable. And, as you know, if you are actually going working on firewall, if you're working on applications,
04:04
it could take a long time to be able, one, to get it done, two, to get the appropriate parties. Plus, what about the budget?
04:14
Some of the applications could be $100,000, $500,000, depending on what the application is doing. And if you don't have that budgeted,
04:26
are you going to be able to go up to the board or to the president and say, for us to be able to get this RFP, this contract, we need to go and get the software or new firewall, whatever it is, to be able to satisfy these POA&Ms?
04:45
So it's so important. It's so so important
04:48
that you start prepping now. Reach out. Go to workshops. Go out to other vendors as they go and talk about cybersecurity. Talk with cybersecurity experts out there
05:03
and look at yourself. Have other people look at your infrastructure so that as the DoD rolls out the CMMC, you will be ready and pass with flying colors.

Up Next

CMMC Overview

This Cybersecurity Maturity Model Certification (CMMC) course provides an overview of how to prepare for future certification training, including its requirements and why it is important for contractors working with the Department of Defense.

Instructed By

Robert Ashcraft
IT Advisor for Regulatory / CMMC Environments at Corporate Visions
Instructor