Workshop Cohort FAQs

What is a process acting on behalf of an authorized user?

Check out our blog on this topic: https://www.totem.tech/processes-acting-on-behalf-of-authorized-users/

What does it mean to sanitize FCI/CUI, and how do I do it?

Check out our blog on this topic: https://www.totem.tech/cui-sanitization-and-destruction-requirements-for-cmmc/

What is device authentication in CMMC?

Check out our blog on this topic: https://www.totem.tech/device-authentication-cmmc/

How do I perform and report my CMMC Level 1 self-assessment?

Check out our blog on this topic: https://www.totem.tech/cmmc-level-1-self-assessment-reporting/

How do I perform and report my NIST 800-171/CMMC Level 2 self-assessment (SPRS) score?

Check out our blog on this topic: https://www.totem.tech/how-to-generate-and-report-your-dod-self-assessment-score/

Is there a difference between FAR 52.204-21 and CMMC Level 1?

Check out our blog on this topic: https://www.totem.tech/cmmc-level-1/

How do I know if CMMC is not applicable to me?

Check out our blog on this topic: https://www.totem.tech/when-is-cmmc-not-applicable/

What is the difference between CMMC and FedRAMP?

Check out our blog on this topic: https://www.totem.tech/what-the-heck-is-the-difference-between-fedramp-and-cmmc/

What is an enclave?

If you've been browsing for solutions to help with CMMC compliance, you may have encountered vendors pitching their "enclave". An enclave is essentially an isolated network segment, cloud environment, or other area that is intentionally designed for handling federal government information, such as Controlled Unclassified Information (CUI). For instance, a company may choose to isolate its CUI flow to a dedicated network segment and implement strict access controls to prevent CUI from spilling outside of that segment. This lets the company limit its NIST 800-171 implementation to that enclave. Alternatively, a company may choose to subscribe to a cloud CUI enclave operated by an external service provider and inherit many of the NIST 800-171 requirements.

Enclave services can provide nice time savings for companies needing to comply with CMMC quickly, but they may not always be a good fit for a company's operational needs and are often very expensive. Be very careful when evaluating enclave providers, especially those using cloud services, and ensure that they have undergone appropriate FedRAMP authorization if CUI is going to be handled within that cloud environment.