Jacob Horneโ€™s Post

View profile for Jacob Horne, graphic
Jacob Horne

CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk |

๐Ÿšจ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐Ÿšจ ๐Ÿ“ฃ ๐—–๐— ๐— ๐—– ๐—™๐—œ๐—ก๐—”๐—Ÿ ๐—ฅ๐—จ๐—Ÿ๐—˜ ๐—”๐—Ÿ๐—˜๐—ฅ๐—ง ๐Ÿ“ฃ โš  ๐—ง๐—›๐—œ๐—ฆ ๐—œ๐—ฆ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ โš  Well folks, they really did it and I got a raven in the middle of vacay. Just 185 days after the CMMC proposed rule was published, the DoD has officially submitted the 32 CFR CMMC program rule and all supporting documentation to OIRA for final review. This is the last step before publication of the final rule in the Federal Register. OIRA has up to 90 - 120 days for their review. ๐—ง๐—ต๐—ฎ๐˜ ๐—ฝ๐˜‚๐˜๐˜€ ๐˜๐—ต๐—ฒ ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐˜„๐—ถ๐—ป๐—ฑ๐—ผ๐˜„ ๐—ฏ๐—ฒ๐˜๐˜„๐—ฒ๐—ฒ๐—ป ๐—น๐—ฎ๐˜๐—ฒ ๐—ฆ๐—ฒ๐—ฝ๐˜๐—ฒ๐—บ๐—ฏ๐—ฒ๐—ฟ - ๐—น๐—ฎ๐˜๐—ฒ ๐—ข๐—ฐ๐˜๐—ผ๐—ฏ๐—ฒ๐—ฟ. Once published, there will be a delay of ~60 days before the final rule is "effective". At that point, that's it. The CMMC program will be official. A couple of notes: - DoD ripped through ๐—ผ๐˜ƒ๐—ฒ๐—ฟ ๐Ÿญ,๐Ÿด๐Ÿฌ๐Ÿฌ ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ ๐—ฐ๐—ผ๐—บ๐—บ๐—ฒ๐—ป๐˜๐˜€, made their edits, and officially submitted the final rule in six months and two days so the odds of any major changes from the proposed rule in response to public comments is extremely low. - The rule is officially in the queue well ahead of the November election and I wouldn't be surprised to see OIRA wrap up well before the 90 day mark. - For those keeping score at home DoD pumped out this final rule ๐Ÿฑ๐Ÿฑ% ๐—ณ๐—ฎ๐˜€๐˜๐—ฒ๐—ฟ ๐˜๐—ต๐—ฎ๐—ป ๐˜๐—ต๐—ฒ ๐—ฎ๐˜ƒ๐—ฒ๐—ฟ๐—ฎ๐—ด๐—ฒ (127 business days instead of 283). I hope companies have been using the last several years of prep time wisely. โ€œ๐˜๐˜ตโ€™๐˜ด ๐˜ฐ๐˜ฏ๐˜ญ๐˜บ ๐˜ธ๐˜ฉ๐˜ฆ๐˜ฏ ๐˜ต๐˜ฉ๐˜ฆ ๐˜ต๐˜ช๐˜ฅ๐˜ฆ ๐˜จ๐˜ฐ๐˜ฆ๐˜ด ๐˜ฐ๐˜ถ๐˜ต ๐˜ต๐˜ฉ๐˜ข๐˜ต ๐˜บ๐˜ฐ๐˜ถ ๐˜ฅ๐˜ช๐˜ด๐˜ค๐˜ฐ๐˜ท๐˜ฆ๐˜ณ ๐˜ธ๐˜ฉ๐˜ฐโ€™๐˜ด ๐˜ฃ๐˜ฆ๐˜ฆ๐˜ฏ ๐˜ด๐˜ธ๐˜ช๐˜ฎ๐˜ฎ๐˜ช๐˜ฏ๐˜จ ๐˜ฏ๐˜ข๐˜ฌ๐˜ฆ๐˜ฅโ€ - Warren Buffet Happy Friday ๐Ÿšจ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐Ÿšจ ๐Ÿ“ฃ ๐—–๐— ๐— ๐—– ๐—™๐—œ๐—ก๐—”๐—Ÿ ๐—ฅ๐—จ๐—Ÿ๐—˜ ๐—”๐—Ÿ๐—˜๐—ฅ๐—ง ๐Ÿ“ฃ โš  ๐—ง๐—›๐—œ๐—ฆ ๐—œ๐—ฆ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ โš 

  • No alternative text description for this image
Jacob Horne

CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk |

1mo

๐Ÿ“Œ Haters will say it's fake: https://www.reginfo.gov/public/jsp/EO/eoDashboard.myjsp

Like
Reply
14 Reactions
Nick Miller

AWS Marketplace โ€” US Federal Government, Healthcare & Non-Profit Team Lead at Amazon Web Services (AWS)

4w

Perhaps I lack creativity, but I canโ€™t see how CMMC v2.0 becomes anything but a program destined to be mired in regulatory lawsuit hell โ€” particularly in light of yesterdayโ€™s SCOTUS Chevronโ€™s ruling. John Sherman cited lengthy lawsuit as a reason for cancelling JEDI. Lots of popcorn still remains imoโ€ฆ ๐Ÿฟ https://thehill.com/regulation/court-battles/4745680-supreme-court-chevron-case/amp/

Like
Reply
4 Reactions
Vincent Scott

CEO, Defense Cybersecurity Group (DCG), FBI Infragard SME on Cyberwarfare and Deputy Sector Lead, Defense Industrial Base

1mo

Oh man. I owe you Scotch. I guess I better start selecting a nice bottle.

Like
Reply
8 Reactions
Brad Shannon

Director of Product Management, Managed Services | Cybersecurity | Compliance | Strategy | CMMC CCP | Veteran | Banana Thrower | Chief of Too Many Tags

1mo

That was a lot faster than I expected! Thanks for posting between golf swings!

Like
Reply
6 Reactions
Richard Christopher

-=> Dad^3 -|- Digital Pioneer <=-

1mo

You mean they aren't listening to actual technicians and engineers that work in the field that they are passing legislation in? That's surprising

Like
Reply
Renee Stock

VP, Technology Practice Leader

1mo

๐ŸŽต "guess who's back....back again...๐ŸŽต ...and with good news.

Like
Reply
4 Reactions
Omar Sangurima

Cyber Fixer

1mo

So dope with the reaction meme ๐Ÿ˜‚

Like
Reply
2 Reactions
Ryan B.

CUI Safeguarding Strategy

1mo

Prime contractors: "Every time someone says CMMC isn't happening, I do one push-up."

Like
Reply
17 Reactions
Richard (Dick) Brooks

1mo

"Secure by Design" has caught fire and people are seeing the value that these prudent principles provide to help parties identify secure software and digital products that meet minimum security requirements, as described in the "CISA Secure Software Attestation Form" that vendors upload to the US Government for approval as "Secure by Design" in CISAs RSAA portal. Form collection began on June 8. CISAs "Software Assurance Buyers Guide" provides details for what is expected from vendors to pass the "Secure by Design" approval process.

Like
Reply
5 Reactions
Shauna Weatherly

Federal Acquisition SME (35+ Yrs of Federal Service (Retired)), Small Business Advocate, & President | Founder of FedSubK, a SBA-Certified WOSB Helping Small Businesses Expand Their Federal Contracting Knowledge.

1mo

But....that timeline of 90 -120 days is only if OIRA-- -- needs the full time (90, possible and will depend on the extent of changes from the proposed rule) -- needs a full 30-day extension (120, which I doubt but...never say never) -- doesn't find issues that require the case manager to go back to the agency for coordination (which is possible if discrepancies are found where changes were made). Don't forget the time at the Federal Register preparing the rule for publication.. That can take a couple weeks. Once this is out, watch for the FAR Cases 2021-019 and -017 to follow rather quickly (well, quickly in rulemaking time).

Like
Reply
4 Reactions
See more comments

To view or add a comment, sign in

More Relevant Posts

  • View profile for Fernando Machado, CISSP, CISM, CCA, CCP, graphic
    Fernando Machado, CISSP, CISM, CCA, CCP

    Managing Principal/CISO @ Cybersec Investments | Authorized C3PAO

    On June 27, 2024 the Department of Defense (DoD) has submitted the Cybersecurity Maturity Model Certification (CMMC) Program rule to the Office of Information and Regulatory Affairs (OIRA) for final review and publication. Here are some important timelines to consider: *OIRA has 90-120 days to review the rule, putting the rule publication date between late September through late October. *Once published in the Federal Register, the rule will be effective 60 days later, making the CMMC Program official You can see the CMMC Program rule status under โ€˜Department of Defenseโ€™: https://lnkd.in/eMv4tAh7 #cmmc #dod #cybersecurity

    View profile for Jacob Horne, graphic
    Jacob Horne

    CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk |

    ๐Ÿšจ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐Ÿšจ ๐Ÿ“ฃ ๐—–๐— ๐— ๐—– ๐—™๐—œ๐—ก๐—”๐—Ÿ ๐—ฅ๐—จ๐—Ÿ๐—˜ ๐—”๐—Ÿ๐—˜๐—ฅ๐—ง ๐Ÿ“ฃ โš  ๐—ง๐—›๐—œ๐—ฆ ๐—œ๐—ฆ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ โš  Well folks, they really did it and I got a raven in the middle of vacay. Just 185 days after the CMMC proposed rule was published, the DoD has officially submitted the 32 CFR CMMC program rule and all supporting documentation to OIRA for final review. This is the last step before publication of the final rule in the Federal Register. OIRA has up to 90 - 120 days for their review. ๐—ง๐—ต๐—ฎ๐˜ ๐—ฝ๐˜‚๐˜๐˜€ ๐˜๐—ต๐—ฒ ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐˜„๐—ถ๐—ป๐—ฑ๐—ผ๐˜„ ๐—ฏ๐—ฒ๐˜๐˜„๐—ฒ๐—ฒ๐—ป ๐—น๐—ฎ๐˜๐—ฒ ๐—ฆ๐—ฒ๐—ฝ๐˜๐—ฒ๐—บ๐—ฏ๐—ฒ๐—ฟ - ๐—น๐—ฎ๐˜๐—ฒ ๐—ข๐—ฐ๐˜๐—ผ๐—ฏ๐—ฒ๐—ฟ. Once published, there will be a delay of ~60 days before the final rule is "effective". At that point, that's it. The CMMC program will be official. A couple of notes: - DoD ripped through ๐—ผ๐˜ƒ๐—ฒ๐—ฟ ๐Ÿญ,๐Ÿด๐Ÿฌ๐Ÿฌ ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ ๐—ฐ๐—ผ๐—บ๐—บ๐—ฒ๐—ป๐˜๐˜€, made their edits, and officially submitted the final rule in six months and two days so the odds of any major changes from the proposed rule in response to public comments is extremely low. - The rule is officially in the queue well ahead of the November election and I wouldn't be surprised to see OIRA wrap up well before the 90 day mark. - For those keeping score at home DoD pumped out this final rule ๐Ÿฑ๐Ÿฑ% ๐—ณ๐—ฎ๐˜€๐˜๐—ฒ๐—ฟ ๐˜๐—ต๐—ฎ๐—ป ๐˜๐—ต๐—ฒ ๐—ฎ๐˜ƒ๐—ฒ๐—ฟ๐—ฎ๐—ด๐—ฒ (127 business days instead of 283). I hope companies have been using the last several years of prep time wisely. โ€œ๐˜๐˜ตโ€™๐˜ด ๐˜ฐ๐˜ฏ๐˜ญ๐˜บ ๐˜ธ๐˜ฉ๐˜ฆ๐˜ฏ ๐˜ต๐˜ฉ๐˜ฆ ๐˜ต๐˜ช๐˜ฅ๐˜ฆ ๐˜จ๐˜ฐ๐˜ฆ๐˜ด ๐˜ฐ๐˜ถ๐˜ต ๐˜ต๐˜ฉ๐˜ข๐˜ต ๐˜บ๐˜ฐ๐˜ถ ๐˜ฅ๐˜ช๐˜ด๐˜ค๐˜ฐ๐˜ท๐˜ฆ๐˜ณ ๐˜ธ๐˜ฉ๐˜ฐโ€™๐˜ด ๐˜ฃ๐˜ฆ๐˜ฆ๐˜ฏ ๐˜ด๐˜ธ๐˜ช๐˜ฎ๐˜ฎ๐˜ช๐˜ฏ๐˜จ ๐˜ฏ๐˜ข๐˜ฌ๐˜ฆ๐˜ฅโ€ - Warren Buffet Happy Friday ๐Ÿšจ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐Ÿšจ ๐Ÿ“ฃ ๐—–๐— ๐— ๐—– ๐—™๐—œ๐—ก๐—”๐—Ÿ ๐—ฅ๐—จ๐—Ÿ๐—˜ ๐—”๐—Ÿ๐—˜๐—ฅ๐—ง ๐Ÿ“ฃ โš  ๐—ง๐—›๐—œ๐—ฆ ๐—œ๐—ฆ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ โš 

    • No alternative text description for this image

    To view or add a comment, sign in

  • View profile for Todd Whitley, graphic
    Todd Whitley

    Your business thrives with effective technology guidance | Partner with Intelligent Technical Solutions

    It's important to keep in mind that preparing for that 3rd party certification audit with your 3CPAO (you do have one lined up, right?) is likely a 12+ month project to implement under normal circumstances. Now it's the busy season. #cmmc #dib #3cpao

    View profile for Jacob Horne, graphic
    Jacob Horne

    CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk |

    ๐Ÿšจ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐Ÿšจ ๐Ÿ“ฃ ๐—–๐— ๐— ๐—– ๐—™๐—œ๐—ก๐—”๐—Ÿ ๐—ฅ๐—จ๐—Ÿ๐—˜ ๐—”๐—Ÿ๐—˜๐—ฅ๐—ง ๐Ÿ“ฃ โš  ๐—ง๐—›๐—œ๐—ฆ ๐—œ๐—ฆ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ โš  Well folks, they really did it and I got a raven in the middle of vacay. Just 185 days after the CMMC proposed rule was published, the DoD has officially submitted the 32 CFR CMMC program rule and all supporting documentation to OIRA for final review. This is the last step before publication of the final rule in the Federal Register. OIRA has up to 90 - 120 days for their review. ๐—ง๐—ต๐—ฎ๐˜ ๐—ฝ๐˜‚๐˜๐˜€ ๐˜๐—ต๐—ฒ ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐˜„๐—ถ๐—ป๐—ฑ๐—ผ๐˜„ ๐—ฏ๐—ฒ๐˜๐˜„๐—ฒ๐—ฒ๐—ป ๐—น๐—ฎ๐˜๐—ฒ ๐—ฆ๐—ฒ๐—ฝ๐˜๐—ฒ๐—บ๐—ฏ๐—ฒ๐—ฟ - ๐—น๐—ฎ๐˜๐—ฒ ๐—ข๐—ฐ๐˜๐—ผ๐—ฏ๐—ฒ๐—ฟ. Once published, there will be a delay of ~60 days before the final rule is "effective". At that point, that's it. The CMMC program will be official. A couple of notes: - DoD ripped through ๐—ผ๐˜ƒ๐—ฒ๐—ฟ ๐Ÿญ,๐Ÿด๐Ÿฌ๐Ÿฌ ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ ๐—ฐ๐—ผ๐—บ๐—บ๐—ฒ๐—ป๐˜๐˜€, made their edits, and officially submitted the final rule in six months and two days so the odds of any major changes from the proposed rule in response to public comments is extremely low. - The rule is officially in the queue well ahead of the November election and I wouldn't be surprised to see OIRA wrap up well before the 90 day mark. - For those keeping score at home DoD pumped out this final rule ๐Ÿฑ๐Ÿฑ% ๐—ณ๐—ฎ๐˜€๐˜๐—ฒ๐—ฟ ๐˜๐—ต๐—ฎ๐—ป ๐˜๐—ต๐—ฒ ๐—ฎ๐˜ƒ๐—ฒ๐—ฟ๐—ฎ๐—ด๐—ฒ (127 business days instead of 283). I hope companies have been using the last several years of prep time wisely. โ€œ๐˜๐˜ตโ€™๐˜ด ๐˜ฐ๐˜ฏ๐˜ญ๐˜บ ๐˜ธ๐˜ฉ๐˜ฆ๐˜ฏ ๐˜ต๐˜ฉ๐˜ฆ ๐˜ต๐˜ช๐˜ฅ๐˜ฆ ๐˜จ๐˜ฐ๐˜ฆ๐˜ด ๐˜ฐ๐˜ถ๐˜ต ๐˜ต๐˜ฉ๐˜ข๐˜ต ๐˜บ๐˜ฐ๐˜ถ ๐˜ฅ๐˜ช๐˜ด๐˜ค๐˜ฐ๐˜ท๐˜ฆ๐˜ณ ๐˜ธ๐˜ฉ๐˜ฐโ€™๐˜ด ๐˜ฃ๐˜ฆ๐˜ฆ๐˜ฏ ๐˜ด๐˜ธ๐˜ช๐˜ฎ๐˜ฎ๐˜ช๐˜ฏ๐˜จ ๐˜ฏ๐˜ข๐˜ฌ๐˜ฆ๐˜ฅโ€ - Warren Buffet Happy Friday ๐Ÿšจ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐Ÿšจ ๐Ÿ“ฃ ๐—–๐— ๐— ๐—– ๐—™๐—œ๐—ก๐—”๐—Ÿ ๐—ฅ๐—จ๐—Ÿ๐—˜ ๐—”๐—Ÿ๐—˜๐—ฅ๐—ง ๐Ÿ“ฃ โš  ๐—ง๐—›๐—œ๐—ฆ ๐—œ๐—ฆ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ โš 

    • No alternative text description for this image

    To view or add a comment, sign in

  • View profile for Lawrence Pippins, graphic
    Lawrence Pippins

    IT Professional | Driving Tech-driven Growth and Market Penetration | Strategist, Innovator, and Brand Builder

    It looks like the hemming and hawing is coming to an end. Things are progressing. There is no more denying the existence and enforcement of the CMMC rule in the very near future. Get prepared. If you don't know how or where to start, I would recommend having a conversation with an External Service Provider like Summit 7. If you want to talk today, reach out to Brittany Etherly to start the conversation.

    View profile for Jacob Horne, graphic
    Jacob Horne

    CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk |

    ๐Ÿšจ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐Ÿšจ ๐Ÿ“ฃ ๐—–๐— ๐— ๐—– ๐—™๐—œ๐—ก๐—”๐—Ÿ ๐—ฅ๐—จ๐—Ÿ๐—˜ ๐—”๐—Ÿ๐—˜๐—ฅ๐—ง ๐Ÿ“ฃ โš  ๐—ง๐—›๐—œ๐—ฆ ๐—œ๐—ฆ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ โš  Well folks, they really did it and I got a raven in the middle of vacay. Just 185 days after the CMMC proposed rule was published, the DoD has officially submitted the 32 CFR CMMC program rule and all supporting documentation to OIRA for final review. This is the last step before publication of the final rule in the Federal Register. OIRA has up to 90 - 120 days for their review. ๐—ง๐—ต๐—ฎ๐˜ ๐—ฝ๐˜‚๐˜๐˜€ ๐˜๐—ต๐—ฒ ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐˜„๐—ถ๐—ป๐—ฑ๐—ผ๐˜„ ๐—ฏ๐—ฒ๐˜๐˜„๐—ฒ๐—ฒ๐—ป ๐—น๐—ฎ๐˜๐—ฒ ๐—ฆ๐—ฒ๐—ฝ๐˜๐—ฒ๐—บ๐—ฏ๐—ฒ๐—ฟ - ๐—น๐—ฎ๐˜๐—ฒ ๐—ข๐—ฐ๐˜๐—ผ๐—ฏ๐—ฒ๐—ฟ. Once published, there will be a delay of ~60 days before the final rule is "effective". At that point, that's it. The CMMC program will be official. A couple of notes: - DoD ripped through ๐—ผ๐˜ƒ๐—ฒ๐—ฟ ๐Ÿญ,๐Ÿด๐Ÿฌ๐Ÿฌ ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ ๐—ฐ๐—ผ๐—บ๐—บ๐—ฒ๐—ป๐˜๐˜€, made their edits, and officially submitted the final rule in six months and two days so the odds of any major changes from the proposed rule in response to public comments is extremely low. - The rule is officially in the queue well ahead of the November election and I wouldn't be surprised to see OIRA wrap up well before the 90 day mark. - For those keeping score at home DoD pumped out this final rule ๐Ÿฑ๐Ÿฑ% ๐—ณ๐—ฎ๐˜€๐˜๐—ฒ๐—ฟ ๐˜๐—ต๐—ฎ๐—ป ๐˜๐—ต๐—ฒ ๐—ฎ๐˜ƒ๐—ฒ๐—ฟ๐—ฎ๐—ด๐—ฒ (127 business days instead of 283). I hope companies have been using the last several years of prep time wisely. โ€œ๐˜๐˜ตโ€™๐˜ด ๐˜ฐ๐˜ฏ๐˜ญ๐˜บ ๐˜ธ๐˜ฉ๐˜ฆ๐˜ฏ ๐˜ต๐˜ฉ๐˜ฆ ๐˜ต๐˜ช๐˜ฅ๐˜ฆ ๐˜จ๐˜ฐ๐˜ฆ๐˜ด ๐˜ฐ๐˜ถ๐˜ต ๐˜ต๐˜ฉ๐˜ข๐˜ต ๐˜บ๐˜ฐ๐˜ถ ๐˜ฅ๐˜ช๐˜ด๐˜ค๐˜ฐ๐˜ท๐˜ฆ๐˜ณ ๐˜ธ๐˜ฉ๐˜ฐโ€™๐˜ด ๐˜ฃ๐˜ฆ๐˜ฆ๐˜ฏ ๐˜ด๐˜ธ๐˜ช๐˜ฎ๐˜ฎ๐˜ช๐˜ฏ๐˜จ ๐˜ฏ๐˜ข๐˜ฌ๐˜ฆ๐˜ฅโ€ - Warren Buffet Happy Friday ๐Ÿšจ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐Ÿšจ ๐Ÿ“ฃ ๐—–๐— ๐— ๐—– ๐—™๐—œ๐—ก๐—”๐—Ÿ ๐—ฅ๐—จ๐—Ÿ๐—˜ ๐—”๐—Ÿ๐—˜๐—ฅ๐—ง ๐Ÿ“ฃ โš  ๐—ง๐—›๐—œ๐—ฆ ๐—œ๐—ฆ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ โš 

    • No alternative text description for this image

    To view or add a comment, sign in

  • View profile for Andrew Chandler, graphic
    Andrew Chandler

    GRC Cyber Nerd | Making Cyber Simple

    CMMC is coming and defense contractors need to get ready now!! Start walking through the SPRS scoring sheet to baseline your compliance. Finding out where your system stands is crucial to developing your plan of action to meet the score requirement for your company. Companies with Federal Contract Information (FCI) must meet 100% compliance with CMMC Level 1 security requirements. For companies with Controlled Unclassified Information (CUI) need to meet 80% compliance with CMMC Level 2 security requirements. Plus you must have a System Security Plan documented (automatic fail if you do not) If you haven't started working towards CMMC compliance, this is the push for you to start prioritizing this effort. Best of luck out there! -Andrew Shameless Plug: Working towards CMMC Compliance? We got you Independence Day Special for the CMMC Level 2 documentation package (171 Starter Pack - Level 2) 88% off https://lnkd.in/ecGX3bw4 #cybersecurity #informationsecurity #infosec #CMMC #smallbusiness #cybercompliance #compliance #dataprotection #defensecontractors #CUI #FCI #NIST #NIST171

    View profile for Jacob Horne, graphic
    Jacob Horne

    CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk |

    ๐Ÿšจ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐Ÿšจ ๐Ÿ“ฃ ๐—–๐— ๐— ๐—– ๐—™๐—œ๐—ก๐—”๐—Ÿ ๐—ฅ๐—จ๐—Ÿ๐—˜ ๐—”๐—Ÿ๐—˜๐—ฅ๐—ง ๐Ÿ“ฃ โš  ๐—ง๐—›๐—œ๐—ฆ ๐—œ๐—ฆ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ โš  Well folks, they really did it and I got a raven in the middle of vacay. Just 185 days after the CMMC proposed rule was published, the DoD has officially submitted the 32 CFR CMMC program rule and all supporting documentation to OIRA for final review. This is the last step before publication of the final rule in the Federal Register. OIRA has up to 90 - 120 days for their review. ๐—ง๐—ต๐—ฎ๐˜ ๐—ฝ๐˜‚๐˜๐˜€ ๐˜๐—ต๐—ฒ ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐˜„๐—ถ๐—ป๐—ฑ๐—ผ๐˜„ ๐—ฏ๐—ฒ๐˜๐˜„๐—ฒ๐—ฒ๐—ป ๐—น๐—ฎ๐˜๐—ฒ ๐—ฆ๐—ฒ๐—ฝ๐˜๐—ฒ๐—บ๐—ฏ๐—ฒ๐—ฟ - ๐—น๐—ฎ๐˜๐—ฒ ๐—ข๐—ฐ๐˜๐—ผ๐—ฏ๐—ฒ๐—ฟ. Once published, there will be a delay of ~60 days before the final rule is "effective". At that point, that's it. The CMMC program will be official. A couple of notes: - DoD ripped through ๐—ผ๐˜ƒ๐—ฒ๐—ฟ ๐Ÿญ,๐Ÿด๐Ÿฌ๐Ÿฌ ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ ๐—ฐ๐—ผ๐—บ๐—บ๐—ฒ๐—ป๐˜๐˜€, made their edits, and officially submitted the final rule in six months and two days so the odds of any major changes from the proposed rule in response to public comments is extremely low. - The rule is officially in the queue well ahead of the November election and I wouldn't be surprised to see OIRA wrap up well before the 90 day mark. - For those keeping score at home DoD pumped out this final rule ๐Ÿฑ๐Ÿฑ% ๐—ณ๐—ฎ๐˜€๐˜๐—ฒ๐—ฟ ๐˜๐—ต๐—ฎ๐—ป ๐˜๐—ต๐—ฒ ๐—ฎ๐˜ƒ๐—ฒ๐—ฟ๐—ฎ๐—ด๐—ฒ (127 business days instead of 283). I hope companies have been using the last several years of prep time wisely. โ€œ๐˜๐˜ตโ€™๐˜ด ๐˜ฐ๐˜ฏ๐˜ญ๐˜บ ๐˜ธ๐˜ฉ๐˜ฆ๐˜ฏ ๐˜ต๐˜ฉ๐˜ฆ ๐˜ต๐˜ช๐˜ฅ๐˜ฆ ๐˜จ๐˜ฐ๐˜ฆ๐˜ด ๐˜ฐ๐˜ถ๐˜ต ๐˜ต๐˜ฉ๐˜ข๐˜ต ๐˜บ๐˜ฐ๐˜ถ ๐˜ฅ๐˜ช๐˜ด๐˜ค๐˜ฐ๐˜ท๐˜ฆ๐˜ณ ๐˜ธ๐˜ฉ๐˜ฐโ€™๐˜ด ๐˜ฃ๐˜ฆ๐˜ฆ๐˜ฏ ๐˜ด๐˜ธ๐˜ช๐˜ฎ๐˜ฎ๐˜ช๐˜ฏ๐˜จ ๐˜ฏ๐˜ข๐˜ฌ๐˜ฆ๐˜ฅโ€ - Warren Buffet Happy Friday ๐Ÿšจ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐Ÿšจ ๐Ÿ“ฃ ๐—–๐— ๐— ๐—– ๐—™๐—œ๐—ก๐—”๐—Ÿ ๐—ฅ๐—จ๐—Ÿ๐—˜ ๐—”๐—Ÿ๐—˜๐—ฅ๐—ง ๐Ÿ“ฃ โš  ๐—ง๐—›๐—œ๐—ฆ ๐—œ๐—ฆ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ โš 

    • No alternative text description for this image

    To view or add a comment, sign in

  • View profile for Christian Petrou, graphic
    Christian Petrou

    Co-Founder | Threat Mitigation Against Trespassers, Weather & Environmental Threats w/ Live Video & Sensor Monitoring Services During All Life-Cycle Phases Of Commercial Property Development, Remodel, & Management.

    CMMC 2 minute warning shipped two weeks agoโ€ฆ IFโ€™n you donโ€™t know about CMMC and you offer contract work to the DoD or anyone else whoโ€™s in their orbitโ€ฆ read, prepare, get it done. This is not a drill. The egg timer is set. This doesnโ€™t apply to just the clientโ€ฆ He holds the gold, rules the kingdom. It will apply to the following, even if itโ€™s โ€œnot required of meโ€ you will be judged in the decision making process: #integrator #MSP #distributor #manufacturer #3PL #vendor #physicalsecurity #surveillance #accesscontrol #network #infrastructure #ISellPens #ToiletPaper etc etc.

    View profile for Jacob Horne, graphic
    Jacob Horne

    CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk |

    ๐Ÿšจ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐Ÿšจ ๐Ÿ“ฃ ๐—–๐— ๐— ๐—– ๐—™๐—œ๐—ก๐—”๐—Ÿ ๐—ฅ๐—จ๐—Ÿ๐—˜ ๐—”๐—Ÿ๐—˜๐—ฅ๐—ง ๐Ÿ“ฃ โš  ๐—ง๐—›๐—œ๐—ฆ ๐—œ๐—ฆ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ โš  Well folks, they really did it and I got a raven in the middle of vacay. Just 185 days after the CMMC proposed rule was published, the DoD has officially submitted the 32 CFR CMMC program rule and all supporting documentation to OIRA for final review. This is the last step before publication of the final rule in the Federal Register. OIRA has up to 90 - 120 days for their review. ๐—ง๐—ต๐—ฎ๐˜ ๐—ฝ๐˜‚๐˜๐˜€ ๐˜๐—ต๐—ฒ ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐˜„๐—ถ๐—ป๐—ฑ๐—ผ๐˜„ ๐—ฏ๐—ฒ๐˜๐˜„๐—ฒ๐—ฒ๐—ป ๐—น๐—ฎ๐˜๐—ฒ ๐—ฆ๐—ฒ๐—ฝ๐˜๐—ฒ๐—บ๐—ฏ๐—ฒ๐—ฟ - ๐—น๐—ฎ๐˜๐—ฒ ๐—ข๐—ฐ๐˜๐—ผ๐—ฏ๐—ฒ๐—ฟ. Once published, there will be a delay of ~60 days before the final rule is "effective". At that point, that's it. The CMMC program will be official. A couple of notes: - DoD ripped through ๐—ผ๐˜ƒ๐—ฒ๐—ฟ ๐Ÿญ,๐Ÿด๐Ÿฌ๐Ÿฌ ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ ๐—ฐ๐—ผ๐—บ๐—บ๐—ฒ๐—ป๐˜๐˜€, made their edits, and officially submitted the final rule in six months and two days so the odds of any major changes from the proposed rule in response to public comments is extremely low. - The rule is officially in the queue well ahead of the November election and I wouldn't be surprised to see OIRA wrap up well before the 90 day mark. - For those keeping score at home DoD pumped out this final rule ๐Ÿฑ๐Ÿฑ% ๐—ณ๐—ฎ๐˜€๐˜๐—ฒ๐—ฟ ๐˜๐—ต๐—ฎ๐—ป ๐˜๐—ต๐—ฒ ๐—ฎ๐˜ƒ๐—ฒ๐—ฟ๐—ฎ๐—ด๐—ฒ (127 business days instead of 283). I hope companies have been using the last several years of prep time wisely. โ€œ๐˜๐˜ตโ€™๐˜ด ๐˜ฐ๐˜ฏ๐˜ญ๐˜บ ๐˜ธ๐˜ฉ๐˜ฆ๐˜ฏ ๐˜ต๐˜ฉ๐˜ฆ ๐˜ต๐˜ช๐˜ฅ๐˜ฆ ๐˜จ๐˜ฐ๐˜ฆ๐˜ด ๐˜ฐ๐˜ถ๐˜ต ๐˜ต๐˜ฉ๐˜ข๐˜ต ๐˜บ๐˜ฐ๐˜ถ ๐˜ฅ๐˜ช๐˜ด๐˜ค๐˜ฐ๐˜ท๐˜ฆ๐˜ณ ๐˜ธ๐˜ฉ๐˜ฐโ€™๐˜ด ๐˜ฃ๐˜ฆ๐˜ฆ๐˜ฏ ๐˜ด๐˜ธ๐˜ช๐˜ฎ๐˜ฎ๐˜ช๐˜ฏ๐˜จ ๐˜ฏ๐˜ข๐˜ฌ๐˜ฆ๐˜ฅโ€ - Warren Buffet Happy Friday ๐Ÿšจ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐—•๐—ช๐—ข๐—ข๐—ฃ ๐Ÿšจ ๐Ÿ“ฃ ๐—–๐— ๐— ๐—– ๐—™๐—œ๐—ก๐—”๐—Ÿ ๐—ฅ๐—จ๐—Ÿ๐—˜ ๐—”๐—Ÿ๐—˜๐—ฅ๐—ง ๐Ÿ“ฃ โš  ๐—ง๐—›๐—œ๐—ฆ ๐—œ๐—ฆ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ โš 

    • No alternative text description for this image

    To view or add a comment, sign in

  • View profile for ๐Ÿ›ก๏ธ John Saylor โ˜๏ธ, graphic
    ๐Ÿ›ก๏ธ John Saylor โ˜๏ธ

    Advisor | Chief Revenue Officer (CRO) | Chief Visionary Officer (CVO) | Pioneer of Managed Security Assurance Provider (MSAP) | Channels & Alliances

    The Cybersecurity Maturity Model Certification (CMMC) Program, under the Office of the Department of Defense Chief Information Officer (#DoD #CIO), integrates #cybersecurity into #acquisition and #riskmanagement. This program is designed to enhance the protection of controlled unclassified information within the #supplychain. The critical success factors (#CSF) for organizations under this program would likely include: 1. Comprehensive implementation of cybersecurity practices. 2. Regular #assessments and #updates to #security protocols. 3. Ensuring all partners and suppliers comply with #CMMC standards. 4. Continuous #monitoring and reporting of cybersecurity measures. Jacob Horne and Summit7 Ltd have an insightful webinar January 10th 10:30am CST https://lnkd.in/gQb7FtaJ Published date: This document is scheduled to be published in the Federal Register on 12/26/2023 and available online at https://lnkd.in/gvxeQi6c, and on https://govinfo.gov

    View profile for Jacob Horne, graphic
    Jacob Horne

    CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk |

    ๐Ÿšจ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ ๐Ÿšจ The CMMC proposed rule is out. It's a Christmas miracle. The rule will be officially "published" online on Tuesday 12/26. That means the 60 day public comment period will be from ๐Ÿญ๐Ÿฎ/๐Ÿฎ๐Ÿฒ/๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฏ - ๐Ÿฎ/๐Ÿฎ๐Ÿฒ/๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฐ (link in comments). Until then, we get to imbibe an ๐—ฒ๐—ป๐—ผ๐—ฟ๐—บ๐—ผ๐˜‚๐˜€ PDF file so take good notes. In order for CMMC assessments to start, the DoD needs to respond to public comments in a "final rule". That process typically takes about a year. Summit 7 will have a webinar on 1/10/24 covering all the details (link in comments). For those keeping track at home, in November 2021 the DoD estimated it could take up to 24 months to see the rule. They missed their estimate by just a month and a half. Merry Christmas.

    To view or add a comment, sign in

  • View profile for Karl-Oskar Brรคnnstrรถm, graphic
    Karl-Oskar Brรคnnstrรถm

    Itโ€™s finally happening. United States Department of Defense is pushing the #CMMC forward. We suggest contractors and subcontractors use descriptive LLM #AI from Aigine to automate the process of finding, categorizing and protecting #CUI under the framework. The clock is now ticking and manual inventory will simply take to long. #compliance #supplychain #cybersecurity

    View profile for Jacob Horne, graphic
    Jacob Horne

    CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk |

    ๐Ÿšจ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ ๐Ÿšจ The CMMC proposed rule is out. It's a Christmas miracle. The rule will be officially "published" online on Tuesday 12/26. That means the 60 day public comment period will be from ๐Ÿญ๐Ÿฎ/๐Ÿฎ๐Ÿฒ/๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฏ - ๐Ÿฎ/๐Ÿฎ๐Ÿฒ/๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฐ (link in comments). Until then, we get to imbibe an ๐—ฒ๐—ป๐—ผ๐—ฟ๐—บ๐—ผ๐˜‚๐˜€ PDF file so take good notes. In order for CMMC assessments to start, the DoD needs to respond to public comments in a "final rule". That process typically takes about a year. Summit 7 will have a webinar on 1/10/24 covering all the details (link in comments). For those keeping track at home, in November 2021 the DoD estimated it could take up to 24 months to see the rule. They missed their estimate by just a month and a half. Merry Christmas.

    To view or add a comment, sign in

  • View profile for Carlos Colon-Rodriguez, graphic
    Carlos Colon-Rodriguez

    CEO, Security & Counterintelligence Actions , LLC | Senior Advisor - The Roosevelt Group | Strategic & Corporate Advisor | Trusted Partner & Leader | Risk Mgmt. Advisor | CI Analyst | Diversity Champion

    If your organization is involved with DOD's Federal Contract Information (FCI) or Controlled Unclassified Information (CUI), you should seriously consider reading this.

    View profile for Jacob Horne, graphic
    Jacob Horne

    CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk |

    ๐Ÿšจ ๐—ก๐—ข๐—ง ๐—” ๐——๐—ฅ๐—œ๐—Ÿ๐—Ÿ ๐Ÿšจ The CMMC proposed rule is out. It's a Christmas miracle. The rule will be officially "published" online on Tuesday 12/26. That means the 60 day public comment period will be from ๐Ÿญ๐Ÿฎ/๐Ÿฎ๐Ÿฒ/๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฏ - ๐Ÿฎ/๐Ÿฎ๐Ÿฒ/๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฐ (link in comments). Until then, we get to imbibe an ๐—ฒ๐—ป๐—ผ๐—ฟ๐—บ๐—ผ๐˜‚๐˜€ PDF file so take good notes. In order for CMMC assessments to start, the DoD needs to respond to public comments in a "final rule". That process typically takes about a year. Summit 7 will have a webinar on 1/10/24 covering all the details (link in comments). For those keeping track at home, in November 2021 the DoD estimated it could take up to 24 months to see the rule. They missed their estimate by just a month and a half. Merry Christmas.

    To view or add a comment, sign in

  • View profile for Bart Mak, graphic
    Bart Mak

    Well worth a read. And download for future reference

    View profile for Ivor Cummins, graphic
    Ivor Cummins

    Biochemical Engineer. Technical Manager / Master Technologist. Founder of MetabolicDuo.com. Author of "Eat Rich Live Long"

    The ultimate analysis on the Covid response madness - stuffed with references, case closed. And yes - it was all corrupt nonsense, the whole thing - from start to finish:

    independent.org

    To view or add a comment, sign in

Jacob Horne

26,151 followers

View Profile

Explore topics