CMMC Levels 1-3: Going Beyond NIST SP-171

July 2020 Podcast
Katie C. Stewart, Andrew F. Hoover

Andrew Hoover and Katie Stewart, CMMC architects, discuss Levels 1-3 of the model and what steps organizations need to take to move beyond NIST 800-171. 

In addition to protecting the confidentiality of CUI data, the DoD wanted a model that would change organizational behavior to be more security conscious. The CMMC meets that objective by adding practices to those included in 800-171 to ensure an organization is implementing a well-rounded security program.

Abstract

The Cybersecurity Maturity Model Certification (CMMC) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. In this SEI Podcast, Andrew Hoover and Katie Stewart, CMMC architects, discuss Levels 1-3 of the model and what steps organizations need to take to move beyond NIST 800-171. 
 

About the Speaker

Katie C. Stewart

Katie Stewart is a senior member of the technical staff within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Stewart has more than 15 years of experience advising clients in engineering, information technology, and telecommunications industries. Stewart’s current research interests include information security governance, risk management, and measurement and analysis. She holds a Bachelor of Science and a Master of Science in Computer Engineering (North Carolina State University) and has completed executive education at the Wharton School of the University of Pennsylvania. Stewart is a Certified Information Systems Security Professional (CISSP) and has served as an adjunct professor.

Andrew F. Hoover

Andrew Hoover is a senior engineer and team lead of the Resilience Engineering Team within the CERT Division of Carnegie Mellon University’s Software Engineering Institute. Hoover performs risk and resilience management work for a variety of organizations, mostly relating to critical infrastructure protection and teaches the CERT Resilience Management Model (CERT-RMM) course. Hoover has 16 years of experience in the information technology field. Prior to joining the SEI, Hoover worked as a technical auditor performing risk and vulnerability assessments for government and industry clients. Hoover holds numerous security-related certifications and remains active in the cybersecurity community.
