Cybersecurity Maturity Model Certification

CMMC

Assessment Handbook


FINAL RULE EDITION: Organizations entrusted with Controlled Unclassified Information (CUI) must safeguard their systems and have their implementation assessed as outlined in the Cybersecurity Capability Maturity Model. If you are looking at this book, it is because the federal government (and other authors) have yet to provide accessible and practical guidance on how to effectively implement these controls and prepare for certification. This book provides a clear, comprehensive yet accessible explanation, alongside useful, actionable advice, for planning and implementing CMMC level 1, 2, and 3 controls. Whether you’re grappling with CMMC compliance complexities or seeking to enhance your organization’s security posture, this resource equips you with the knowledge and strategies needed to navigate CMMC certification with confidence. Full of valuable tables, figures, examples, and resources, this book enhances understanding of the intricacies of CMMC certification.

 

Douglas Landoll

Douglas Landoll has over 30 years of information security experience. He has led security risk assessments and established security programs within top corporations and government agencies. He is an expert in security risk assessment, security risk management, security criteria/compliance, and building corporate security programs.

As a senior analyst at NSA, Mr. Landoll was responsible for evaluating security for NATO, the CIA, DoD, FBI and other government agencies. He co-founded the Arca Common Criteria Testing Laboratory, co-authored the Systems Security Engineering - Capability Maturity Model (SSE-CMM - ISO 21827), taught at NSA's National Cryptologic School, and ran Exodus Communications' southwest security services division.

Mr. Landoll has served as the Practice Director for Risk and Compliance Management at Accuvant (now Optiv), the founder and president of Veridyn Inc. prior to its acquisition by En Pointe Technologies, and the founder of Lantego Security. He also holds a CISSP, a Computer Science degree from James Madison University, and an MBA from the University of Texas, Austin. Mr. Landoll has published dozens of information security articles, speaks regularly at conferences, and serves as an advisor for several high-tech companies.