Reviewing and Measuring Activities for Effectiveness in CMMC Level 4
Podcast
Publisher: Software Engineering Institute
Abstract
The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss reviewing and communicating CMMC activities and measuring those activities for effectiveness, which are requirements of Level 4 of the model.
About the Speaker
Andrew F. Hoover
Andrew Hoover is an SEI alumni employee.
Andrew Hoover is a senior engineer and the team lead of the Resilience Engineering Team in the CERT Division of Carnegie Mellon University’s Software Engineering Institute. In this role, Hoover focuses on cybersecurity architecture, cyber resilience, critical infrastructure protection, and teaches the CERT …
Part of a Collection
Cybersecurity Maturity Model Certification Podcast Collection 1.0 (CMMC 1.0)
Cybersecurity Maturity Model Certification 1.0 (CMMC 1.0)