Blog - Page 3 - ComplianceForge

NIST SP 800-53 Update - WISP & CSOP

Posted by ComplianceForge on Oct 30th 2020

NIST released the final version of NIST SP 800-53B that identifies what NIST SP 800-53 R5 controls fall into low, moderate, high and privacy baselines. This allowed ComplianceForge to release new v … read more

CMMC Assessment Preparation - Can Your Documentation Tell A Story?

Posted by ComplianceForge on Oct 26th 2020

Story Time - Using Documentation To Tell Your CMMC Compliance StoryIf you are looking at a future CMMC assessment, there is a good chance that you have asked yourself what the critical component to a … read more

CMMM Kill Chain

Posted by Guest Author - Tom Cornelius on Oct 26th 2020

The concept of creating a “CMMC Kill Chain” started off as a bit of a dare… kind of a “Here! Hold my coffee!” moment among a small group of CMMC practitioners to create a proof of concept for an effic … read more

When is a conformity assessment not a conformity assessment? (hint – it is CMMC)

Posted by Guest Author - Tom Cornelius on Aug 14th 2020

This episode of Coffee Thoughts With Tom addresses CMMC as a conformity assessment, since conformity assessments are intended to use a risk-based approach to determine a confidence point (e.g., materi … read more

Is CMMC really a "maturity model" or just a controls catalog with 5 control sets?

Posted by Guest Authors - Tom Cornelius & Asfand “Ozzie” Saeed on Aug 3rd 2020

This article is about words having meaning, since the basis of Governance, Risk Management and Compliance (GRC) efforts is to identify and govern both technical and non-technical requirements that … read more