Skip to content

CMMC Notes

Purpose

This page tracks notes related to CMMC, cybersecurity maturity, small business security practices, and assessment readiness.

Focus Areas

Domain Practical Focus
Access Control Who can access systems and data
Awareness and Training Whether users understand responsibilities
Audit and Accountability Logs, review, and traceability
Configuration Management Secure baselines and controlled changes
Identification and Authentication User identity and authentication controls
Incident Response Preparing for and responding to security events
Risk Assessment Identifying and prioritizing risk
Security Assessment Reviewing whether controls are working
System and Communications Protection Protecting data and network communication

Assessment Mindset

CMMC work is not just about having tools. It is about showing that security practices are documented, implemented, repeatable, and supported by evidence.

Professional Value

CMMC connects cybersecurity operations, documentation, evidence management, and business risk in a way that is directly relevant to defense contractors and small organizations handling sensitive information.