Blake Pittman

Blake is a Senior Cyber Risk Analyst for HORNE Cyber where he focuses on cyber assurance services for clients.

Recent Posts

May 26, 2020 9:25:03 AM

Pt. 6: A Readiness Roadmap to the CMMC Level 5

In our previous blog, we discussed the purpose of Level 4 and the requirements that potential contractors will need to meet for Level 4. As we continue along the maturity model to the final level, we will provide *Readiness Notes* to point out potential roadblocks for achieving Cybersecurity Maturity Model Certification (CMMC) Level 5 readiness.

Topics: CMMC

May 6, 2020 9:14:35 AM

Pt. 5: 7 Tips for Achieving CMMC Level 4 Readiness

In our previous blog, we discussed the purpose of Level 3 and the requirements that potential contractors will need to meet to achieve Level 3 readiness. As we continue along the maturity model to Level 4, we will provide *Readiness Notes* to point out potential roadblocks for achieving Cybersecurity Maturity Model Certification (CMMC) Level 4 readiness.

Purpose of Level 4

Potential contractors’ cybersecurity maturity is measured with five levels in the CMMC model. Level 4’s purpose is to protect Controlled Unclassified Information (CUI) and reduce the risk of Advanced Persistent Threats (APTs).

What classifies as an APT?

The CMMC describes an APT as an adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). Level 4 requires the potential contractor to review and measure practices for effectiveness, take corrective action when necessary, and regularly inform higher levels of management about issues.

Level 4 focuses on the protection of CUI from APTs with an additional subset of the enhanced security requirements from Draft NIST SP 800-171B [6] and other cybersecurity best practices. The practices should enhance the detection and response capabilities of the potential contractor to address and adapt to the changing tactics, techniques, and procedures (TTPs) used by APTs.

Topics: CMMC

Apr 2, 2020 6:30:00 AM

Pt. 4: 6 Pitfalls to Avoid in CMMC Level 3

In our previous blog, we discussed the purpose of Level 2 and the requirements that potential contractors will need to meet to achieve readiness for Level 2. As we build upon Level 2 and progress to Level 3, we will provide *Readiness Notes* to highlight potential roadblocks for achieving Cybersecurity Maturity Model Certification (CMMC) Level 3 readiness.

Purpose of Level 3

Potential contractors’ cybersecurity maturity is measured with five levels in the CMMC model. What is the purpose of Level 3? To protect Controlled Unclassified Information (CUI). This level requires that the potential contractor establish, maintain, and resource a plan demonstrating the management of activities for practice implementation.

Level 3 includes all of the security requirements in NIST SP 800-171 with some additional practices. Additional requirements, including incident reporting, are found within DFARS clause 252.204-7012.

Topics: CMMC

Mar 26, 2020 6:30:00 AM

Pt. 3: Level 2, A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed the purpose of the Cybersecurity Maturity Model Certification (CMMC) and the requirements potential contractors will need to meet to achieve compliance with Level 1. As we progress to Level 2, we will provide *Readiness Notes* to highlight potential roadblocks for achieving CMMC Level 2 readiness. Potential contractors’ cybersecurity maturity is measured against CMMC’s five levels. Each level is broken into two parts: processes and practices. Level 2’s process is documented, and its practice is intermediate cyber hygiene. Each level and the corresponding sets of processes and practices across domains are cumulative. For potential contractors, that means encompassing all the requirements of Level 1 and Level 2 before achieving Level 2 readiness.  

Topics: CMMC

Mar 12, 2020 6:00:00 AM

Pt. 2: Level 1, A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed what it is going to take to achieve readiness for the Cybersecurity Maturity Model Certification (CMMC). Potential contractors should determine target contracts, identify and address current readiness gaps, and start reviewing and implementing processes and practices. As we continue along the roadmap to Level 1, we will provide *Readiness Notes* to highlight areas of anticipated pitfalls and headaches.

Topics: CMMC

Mar 4, 2020 6:00:00 AM

A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed the upcoming rollout by the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) of approximately 10 large contracts which will require contractors to meet Cybersecurity Maturity Model Certification (CMMC) standards in 2020. Full CMMC rollout is expected by 2026. With the upcoming certification requirement, many potential contractors are beginning to assess readiness. Ensuring readiness to meet CMMC compliance will provide a competitive advantage and improve the ease with which potential contractors renew current Department of Defense (DOD) contracts.

Topics: CMMC