CHAPTER 5: THE ROAD TO CERTIFICATION

Gap analysis and POA&Ms

Even the most cursory perusal of the 17 domains makes it obvious that implementing the controls is a long, involved process. Therefore, while the implementation of a NIST framework to protect CUI will undoubtedly increase cybersecurity manyfold for any organization, it should only be undertaken as a business decision. If the organization can exist and prosper only by fulfilling DoD contracts, then it should start the implementation process. It should be noted that this framework may be expanded to all government contracts that concern CUI. Since there are 70 CUI categories, the number of contracts where the implementation of these controls might be appropriate may be extensive.

The ...

Get The Cybersecurity Maturity Model Certification (CMMC) – A pocket guide now with the O’Reilly learning platform.
