Cloudy With a Chance of Memos
Summit 7

Premiered Jan 11, 2024

CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder

FedRAMP moderate “equivalency” has been a thing since 2016, but DoD never really defined the term until January 2024. “The memo” has defense suppliers and the people behind their cloud apps in panic mode. In this episode we dive into what the memo says, potential reasons why, and whether equivalency will still be a thing in the future at all.

Episode Links:
DFARS 7012: https://www.acq.osd.mil/dpap/dars/dfa...

The memo (PDF): https://dodcio.defense.gov/Portals/0/...

Equivalency circa 2018: https://www.nist.gov/news-events/even...

FedRAMP: https://www.fedramp.gov/program-basics/

NIST SP 800-171r3: https://csrc.nist.gov/pubs/sp/800/171...

(0:00 – 3:24): Intro & Housekeeping
(3:25 – 5:03): Intro
(5:04 – 6:19): Clarifying equivalency
(6:20 – 7:47): DFARS 7012 (c) - (g)
(7:48 – 9:19): How big is FedRAMP moderate?
(9:20 – 10:21): Your BoE is a wonderland
(10:22 – 11:29): Generational differences
(11:30 – 15:14): 100% compliance, no POAMs
(15:15 – 17:12): Why are they doing this?
(17:12 – 17:56): The dictionary definition
(17:56 – 21:19): SaaS apps? Hello?
(21:20 – 24:01): History of “equivalency”
(24:02 – 27:14): Trade-offs
(27:15 – 29:59): Will equivalency stay around?
(30:00 – END): Don’t blame CMMC

#cmmc #cybersecurity #dfars #nist #dib
