The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model and researchers at Carnegie Mellon University's Software Engineering Institute, discuss the Level 3 Assessment Guide for the CMMC and how it differs from the Level 1 Assessment Guide.