Small business challenges and earlier compliance lessons for CMMC Urupong

In a new set of video interviews, we explore the challenges unique to small businesses regarding CMMC and what updates to the underlying cybersecurity standard mean for compliance.

We are still waiting for the government to release the draft final rule for the Cybersecurity Maturity Model Certification.

But in the meantime, we have released two more episodes to help companies prepare for the industry-wide standard.

One episode dives into the small business challenges with Emery Csulack, a former chief information security officer with the Energy Department as well as the former acting CISO at the Homeland Security Department.

He is currently  CISO and director of cybersecurity compliance at Boston Government Services.

Csulack talks with Troy Schneider, president of GovExec 360, about the small business challenges involving CMMC and resources the Defense Department is making available to small businesses.

The second video features Schneider's interview with Victoria Yan Pillitteri, manager of the security engineering and risk management group at the National Institute of Standards and Technology.

She discusses the recent updates to NIST 800-171, the standard that is at the heart of CMMC.

NIST 800-171 governs how companies should protect controlled but unclassified information in their systems. To receive their CMMC certifications, companies must prove that they comply with 800-171 and undergo a third-party assessment.

Pillitteri discusses changes to 800-171 and why NIST has taken those steps.

Click here to see the interview with Emery Csulack.

Click here to see the interview with Victoria Pillitteri

We previously released my interviews with Cyber AB CEO Matt Travis and Robert Metzger, who leads the Washington officer of Rogers Joseph O’Donnell. Metzger also co-wrote the report, Deliver Uncompromised, which formed the basis for CMMC.

Click here to watch that video.