In this blog, we cover Canada’s recent announcement of adopting the U.S. DoD CMMC program to enhance cyber protections for the Canadian supply chain.

As of July 2023, CMMC has made it to the final rulemaking phase! It is expected to finalize 2024.

A blog exploring the importance of proper documentation throughout a CMMC/JSVAP assessment.

Redspin experts dive into the latest draft announcement of NIST 800-171 Revision 3 which is currently in the 60-day public comment period, highlighting the key updates and impacts to Organizations Seeking Certification (OSCs).

Dave Bailey and Rob Teague discuss the key aspects of CMMC certification and how Redspin, as one of the first organizations accredited as a C3PAO for the DoD, can help DIB suppliers meet their requirements.

We explore two critical areas of the assessment process: documentation and training.

How GCC-High and a VDI environment can help organizations meet CMMC requirements by providing a more secure and controlled environment for accessing and managing CUI.

CSPs – what they are and how they can assist in achieving an organization’s goals. This blog focuses on CSP requirements related to CMMC and provides key insights and considerations for choosing a CSP that aligns with compliance standards.

We break down Managed Service Providers and in relation to CMMC, where most companies rely on some form of third-party assistance, whether from a Cloud Service Provider (CSP) or a Managed Service Provider (MSP).

Answers to frequently asked questions about JSVAP assessments, which are used to evaluate the cybersecurity posture of defense contractors. This blog aims to provide readers with a better understanding of JSVAP assessments and their significance by addressing common questions.

The Cyber AB’s Licensed Training Provider (LTP) program requires strict qualifications for organizations to become approved providers of CMMC training, with LTPs listed in the CMMC marketplace and trained by Certified CMMC Provisional Instructors (PIs) who have undergone extensive training beyond the Provisional Assessors (PAs), and all PI candidates must pass PA training before taking the PI training.

Certain changes to the CMMC model caused some controversy, but made sense in the larger picture of cybersecurity, such as the model scaled down from five levels to three.