search menu icon-carat-right cmu-wordmark

The CMMC Level 1 Assessment Guide: A Closer Look

December 2020 Podcast
Katie C. Stewart, Andrew F. Hoover

Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the Level 1 Assessment Guide for the CMMC.

“As you are preparing for your assessment, the assessment guide will be your number one document or artifact that you will use as an organization to prepare.”

Listen

Watch

Abstract

The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the Level 1 Assessment Guide for the CMMC.

About the Speaker

Katie C. Stewart

Katie C. Stewart

Katie Stewart is a senior member of the technical staff within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Stewart has more ...

Katie Stewart is a senior member of the technical staff within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Stewart has more than 15 years of experience advising clients in engineering, information technology, and telecommunications industries. Stewart’s current research interests include information security governance, risk management, and measurement and analysis. She holds a Bachelor of Science and a Master of Science in Computer Engineering (North Carolina State University) and has completed executive education at the Wharton School of the University of Pennsylvania. Stewart is a Certified Information Systems Security Professional (CISSP) and has served as an adjunct professor.

Read more
Andrew F. Hoover

Andrew F. Hoover

Andrew Hoover is a senior engineer and the team lead of the Resilience Engineering Team in the CERT Division of Carnegie Mellon University’s Software Engineering Institute. In this role, Hoover focuses ...

Andrew Hoover is a senior engineer and the team lead of the Resilience Engineering Team in the CERT Division of Carnegie Mellon University’s Software Engineering Institute. In this role, Hoover focuses on cybersecurity architecture, cyber resilience, critical infrastructure protection, and teaches the CERT Resilience Management Model (CERT-RMM) course. Hoover has 16 years of experience in the information technology field. Hoover holds a bachelor of science degree in information systems from the University of North Carolina as well numerous security-related certifications, and he remains active in the cybersecurity community.

 

Read more