If your organization handles Controlled Unclassified Information (CUI) and is working toward CMMC Level 2 certification, understanding where organizations most commonly fail is half the battle. In a recent webinar, 112 Cyber’s certified CMMC assessors Nick Graning and Jordon Darling broke down five of the most commonly failed control areas — and exactly what you […]
Scroll Down to Watch! Wondering which CMMC controls organizations fail most often, and how to avoid making the same mistakes? Our Certified CMMC Assessors are back for part two of this highly requested webinar to break down more of the most commonly failed controls and explain what they expect to see in an assessment. Watch […]
Not all C3PAOs are created equal. Before you sign an engagement, these are the questions that separate credible assessors from expensive mistakes — organized by category, with what good answers look like, and what should send you running. 01 Scoping & Environment Understanding Ask “How do you approach defining the CMMC assessment boundary?” “How do […]
In the Defense Industrial Base (DIB), External Service Providers (ESPs) are becoming increasingly common. ESPs, also commonly referred to as Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), or Cloud Service Providers (CSPs), have become especially beneficial for small and medium-sized businesses where hiring a full-time compliance employee may not be practical. ESP services can range from full system management and support to […]
When handling Controlled Unclassified Information (CUI), compliance with NIST SP 800-171 and the CMMC framework mandates strict data protection measures—including the use of FIPS-validated encryption in specific scenarios. But one requirement that consistently generates questions is exactly what “FIPS-validated” means in practice, where it applies, and how it differs from the looser “FIPS-compliant” language that […]
2025 was the year CMMC stopped being theoretical and started impacting contracts, costs, and careers. For defense contractors, certification is no longer just compliance; it’s a competitive edge, a risk mitigation strategy, and an operational imperative in an era of elevated requirements for organizations in the Defense Industrial Base (DIB). But it didn’t start that way. January 2025 was still a time of uncertainty and what felt like […]
2025 was a year of undeniable progress when it came to the establishment and enforcement of CMMC (Cybersecurity Maturity Model Certification). As we left 2025 and CMMC moved from anticipated requirement to full-on enforcement, one thing became clear: the companies that made the most CMMC progress weren’t just guessing—they were informed. Over the past year, our most-read and most-shared CMMC guides reflected the real questions […]
Scroll Down to Watch! Planning on getting CMMC compliant in 2026? In this webinar, our Certified CMMC Assessors will break down what a successful CMMC roadmap looks like from start to finish. Whether you’re just starting out or getting ready to book a C3PAO, we’ll walk you through what’s needed at each stage to achieve […]
Proper storage of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) is at the core of a healthy and satisfactory compliance program. The issue? There seems to be ample confusion on what CUI and FCI are, the difference between the two, and where they officially can be stored. Improper storage of both CUI […]
A major DoD aerospace engineering partner for manufacturers in the Defense Industrial Base (DIB), was concerned about their lack of a compliance program. Knowing CMMC was advancing in rulemaking stages, it would be a matter of time before contract requirements included CMMC certification. Working with 112Cyber CRC’s team of CMMC consultants, the organization was able […]
- 1
- 2