CMMC Awesomeness - Organization Size-Based Technology Solutions
There are a lot of shitty people out there who will want to claim this as their own original work and the thought of that doesn't sit well with us. Therefore, CMMC-COA uses the Creative Commons Attribution-NoDerivatives 4.0 licensing model so that we retain this awesome Intellectual Property (IP), but you still get to use it. Under Creative Commons licensing, you are free to share this information, including copying and redistributing the material in any medium or format for any purpose, even commercially.
Per Creative Commons, the licensor cannot revoke these freedoms as long as you follow these license terms:
Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
NoDerivatives — If you remix, transform, or build upon the material, you may not distribute the modified material.
Just to reiterate, there is no endorsement of any kind for products or services listed on this website - It is entirely your responsibility to conduct appropriate due diligence and due care in selecting and engaging a product or service for implementation against CMMC practices and processes within your organization. Your responsibility, not ours! Yours!
As for what you get access to, we thought about doing something fancy with this website but we had better things to do with our time. What you can do is download version 2021.2 of the Microsoft Excel file below (click on the pretty pictures below) and you will have three (3) spreadsheets that are organized by:
Technology Solutions By CMMC Levels 1-5 Process and Practice (CMMC v1.02) [includes NIST 800-53 R5 mapping]
Technology Solutions By Category
NIST SP 800-171 DoD Assessment Methodology Worksheet [upgraded to CMMC & NIST SP 800-171A assessment criteria]
Mappings to the CMMC Kill Chain phases
Assignment of control ownership, execution, etc. for the 382 unique requirements as part of CMMC Level 3.
That's pretty much it - just a shit ton of very useful information for you to get compliant, so please do not bitch and complain that no one is providing any guidance on how to actually comply with CMMC practices and processes. If you do not know what to do with that information, reach out to a competent IT/cybersecurity consultant who can help you with your specific needs.
As for updates, we will update this list every so often... when we have nothing better to do in our day jobs, when we run across new tools that might be of interest or some other reason that would make us want to update the spreadsheets. It is in our interest to keep the spreadsheet updated, since we use these recommendations on a daily basis, so you have access to the awesomeness that we leverage for our own consulting needs. You're welcome, America!