Starting a compliance program can seem like an unimaginable burden. While it’s true that this process can be a huge undertaking, organization’s don’t have to do it alone. Check out our most recent case study on compliance advisory services one of our CMMC consultants performed for an aerospace manufacturer. By performing a basic mapping of […]
Scroll Down to Watch! When it comes to CMMC, sometimes the clearest answers come straight from the source. That’s why we hosted a live panel of Certified CMMC Assessors (CCAs) to answer real questions directly from defense contractors. In this session, assessors weighed in on: How they interpret tricky NIST 800-171 requirements What makes evidence […]
It’s official, 48CFR has been published and the CMMC Phase 1 rollout is just 60 days away. Defense Industrial Base (DIB) contractors are understandably beginning to search for information regarding the recently finalized DFARS rule (Case 2019-D041), formally integrating the Cybersecurity Maturity Model Certification (CMMC) requirements into the DoD acquisition process. This is a big deal—especially […]
In CMMC, continuous monitoring stands as a pivotal component in safeguarding sensitive information. For organizations aiming to achieve Cybersecurity Maturity Model Certification (CMMC) Level 2 compliance, a thorough understanding and implementation of ‘continuous monitoring’ and its role in Risk Management is essential. It is easy to conflate three closely related topics, Continuous Controls Monitoring (CCM), […]
Scroll Down to Watch! Many defense contractors are turning to enclaves — isolated environments designed to store CUI — as silver bullets for CMMC. Enclaves can be an effective way to segregate data, reduce scope, and lower the cost of compliance over time. But they can also introduce a number of problems that make them […]
You’re more than aware of CMMC’s ever-changing nature—we sure are! From publication dates, commentary periods, and everything between, it’s hard to keep up. That’s why we wanted to give you a heads up on the latest in DoD Land. On top of CMMC-specific changes, certain updates in the Department of Defense (DoD) can understandably […]
As a security compliance professional, your daily work leads to one goal: passing a C3PAO assessment and maintaining a CMMC-compliant status. This of course is much easier said than done. So, throughout this process, it’s difficult to account for every nuance in publications—especially as they come out. That’s why we’re here for a little “just so […]
Creating a Data Flow Diagram (DFD) is a foundational step in achieving Cybersecurity Maturity Model Certification (CMMC) compliance. DFDs offer a visual representation of how Controlled Unclassified Information (CUI) traverses through an organization’s systems. The process of identifying how FCI and CUI traverse an organization also highlights the people, processes, and technology that come in […]
Clearwater, FL – April 23, 2025 — SP6, a leading compliance consulting firm and authorized C3PAO, is proud to announce that it has been recognized by the Tampa Bay Business Journal as one of the Best Places to Work in 2025. For a third year in a row, SP6 has been named as one of […]
Scroll Down to Watch Want to know what assessors actually look for during a CMMC assessment? In this webinar, we’ll break down what leads to controls being “Met” or “Not Met” based on real insights from Certified CMMC Assessors. You’ll hear firsthand how assessors evaluate complex controls, what counts as ‘adequate and sufficient’ evidence, and how to avoid […]