CMMC Governance & Source Documents

Question 1

Directive requiring CUI program?

Answer 1

EO 13556

Question 2

What NIST SP is about CUI?

Answer 2

NIST SP 800-171

Question 3

Which clause requires contractors to implement 800-171?

Answer 3

DFARS 252.204-7012 - Safeguarding CDI

Question 4

Which Title includes DFARS clauses for CMMC?

Answer 4

Title 48, Ch.2, Sub-Ch H, Part 252

Question 5

Which is THE CUI Program?

Answer 5

Title 32 C.F.R., Part 2002

Question 6

Which DFARS covers Rights in Technical Data? (non-commercial)

Answer 6

Clause 7013

Question 7

What requirements speak to Cloud Service Providers? (CSP)

Answer 7

FedRAMP

Question 8

What does an OSC need with a CSP for CMMC?

Answer 8

Shared Responsibility Matrix.

Question 9

What are three (3) focus areas for the move from CMMC 1.0 to 2.0?

Answer 9

1. Reduced costs, especially for SB
2. Increasing trust in the CMMC assessment ecosystem.
3. Clarifying and aligning cybersecurity requirements to other federal requirements and commonly accepted standards.

Question 10

What are the four (4) main tenets of the DoD Acquisition efforts?

Answer 10

Price - Performance - Schedule - Security

Question 11

What is the policy for Designating, Controlling, and Decontrolling CUI?

Answer 11

Title 32 C.F.R., Part 2002