Now Offering full CMMC Consulting Services
Get CMMC Consulting Services From a Team of Compliance Experts and Cybersecurity Engineers Trained to Get You Over the CMMC Finish Line.
It’s been an interesting year and a busy few months with plenty of updates for the CMMC assessment requirements process. For some background, the CMMC (cybersecurity maturity model certification) was created by the DOD and requires that its 300,000 supplier, primes, and subs (i.e., the Defense Supply Chain (DSC)) become compliant with defined cybersecurity practices and processes at various levels needed for compliance.
In late September, the DOD published an interim rule amending requirements for both DFARS and CMMC compliance. As described here, the interim rule will go into effect on November 30, 2020, so DSC providers should be aware.
The DOD has overhauled the NIST SP 800-171 assessment methodology in which contractors are already required to be compliant per DFARS 252.204-7012. Going forward, the DOD will require the contractor to self-certify and verify compliance before new contracts will be awarded. The assessment methodology has three levels for basic, medium, or high in which the basic assessment can be completed prior to contract award and medium/high after award completion. DSC providers need to be careful to ensure compliance and implementation requirements or the company might be subject to a False Claims Act violation. DSC providers can get started with NIST recommendations for self-assessment of the DFARS requirements provided here.
Another big result of the interim ruling going into effect is that the DOD plans to fully commit and move forward with the CMMC as re-affirmation to companies that part of the DSC begins the process of getting certified immediately. The DOD has provided a timeline starting in 2021 and going forward with the number of new DOD contracts per year having clauses that state the contractor must be compliant with the CMMC requirements to that contract at award time. The DSC contractor is [not required]{.underline} to be compliant at the stated CMMC level when bidding on the contract but must be at the required level by award time. The DOD will also require by FY 2026 all DOD contracts will have a CMMC compliance requirements clause. Once certified at the chosen CMMC level, the DSC contractor will need to be re-certified every three years or per significant change to the infrastructure or organization.
The CMMC-AB is actively working with the DOD on ensuring a proper rollout of CMMC assessment procedures and requirements. At this time, it is highly encouraged for DSC contractors to begin getting their company and IT environments ready for CMMC compliance.
Have questions regarding CMMC requirements or the process? Need help in getting your organization ready for the assessment with security architecture and be compliant with the applicable practices and processes for your needed CMMC Level? See how Grove can help you prepare for your assessment and properly secure your environment. Grove is currently seeking RPO status with the CMMC-AB to be certified in helping clients prepare for CMMC assessments.
Now Offering full CMMC Consulting Services
Get CMMC Consulting Services From a Team of Compliance Experts and Cybersecurity Engineers Trained to Get You Over the CMMC Finish Line.
AI Usage Transparency Report
Pre-AI Era · Written before widespread use of generative AI tools
AI Signal Composition
Score: 0.04 · Low AI Influence
Summary
The CMMC (cybersecurity maturity model certification) was created by the DOD and requires that its 300,000 supplier, primes, and subs become compliant with defined cybersecurity practices and processes at various levels needed for compliance.
Related Posts
AI Agent Constraints and Security
I really feel like in this era of AI it's essential to write about and share experiences for others who are leveraging AI, especially now that AI usage seems almost ubiquitous. Specifically, when it comes to AI in development and the rapid growth of AI-driven automations in the IT landscape, I believe there's a need for open discussion and exploration.
ABM Warranty 0.4.1
The 0.4.x release series for ABM Warranty is focused on operational scale. The earlier 0.3 releases were about trust, correctness, and stabilizing the foundation. Version 0.4.1 builds directly on that work by making the app more practical for consultants, internal IT teams, and managed service providers who need to support multiple environments without losing isolation, control, or visibility. This includes improvements to user interface and workflow, as well as enhanced reporting capabilities to help these users manage their workflows more efficiently.
Vibe Coding with Codex: From Fun to Frustration
So there I was, a typically day, a typical weekend. As a ChatGPT customer, I had heard good things about Codex and had not yet tried the platform. To date my experience with agentic coding was simply snippit based support with ChatGPT and Gemeni where I would ask questions, get explanations and support with squashing bugs in a few apps that I work on, for fun, on the side. There were a few core features in one of the apps I built that I wanted to try implementing but the...
The warranty dashboard Apple doesn’t provide… yet
Download ABM Warranty
Why Apple Fleet Risk Isn’t a Security Problem—Until It Is
Security and risk are often treated as interchangeable concepts in modern IT environments, but they are not the same discipline. Security focuses on controls, enforcement, and prevention. Risk management, by contrast, is concerned with likelihood, impact, and consequence across operational, financial, and organizational domains. Frameworks such as those published by NIST make this distinction explicit: risk assessment is not a technical exercise, but a business one. Technology informs risk decisions, but it does not define them.
ABM Warranty 0.3.1
The 0.3.x release series for ABM Warranty is about tightening guarantees. Where earlier releases focused on surfacing data and making long-running operations observable, 0.3.x focuses on ensuring that what you see is complete, consistent, and safe to trust—particularly as the app is used in larger, slower, and more varied environments. This shift in focus aims to provide a more reliable foundation for users who require higher levels of assurance from their warranty management system.
ABM Warranty 0.2.0
ABM Warranty 0.2.0 is a feature release focused on visibility, safety, and scale. This version does not change what ABM Warranty is meant to be, but it significantly improves how the app behaves under real-world conditions—large device counts, API throttling, long-running imports, and the kinds of failure modes Apple IT admins actually encounter. The improvements in this release are designed to make the app more reliable and efficient, allowing it to handle complex scenarios without breaking or becoming unresponsive.
Running a Beta Program: Lessons Learned
Shipping software in isolation is comforting. You control the inputs, the environment, and the narrative you tell yourself about how things work. The moment you invite other people in—especially people who don’t share your assumptions—you lose that comfort. You also gain something far more valuable. Running a public beta for ABM Warranty through Apple’s TestFlight program forced me to confront that tradeoff head-on, and it fundamentally changed how quickly and confidently the app matured.
The Day I Unmanaged a Mac Into a Corner
There are a few kinds of mistakes you make as a Mac admin. There are the ones that cost you time, the ones that cost you sleep, and then there are the ones that leave you staring at a perfectly good laptop thinking, “How did I possibly make this *less* manageable by touching it?” These mistakes often stem from a lack of understanding or experience with macOS, but they can also be the result of rushing through tasks or not taking the time to properly plan and test.
Introducing ABM Warranty for macOS
If you manage Apple devices at scale, you already know that **Apple Business Manager (ABM)** provides warranty data — but in practice, it’s extremely limited. It doesn’t provide workflow-friendly insights, it doesn’t surface actionable coverage states, and it doesn’t help you wrangle the ever-growing complexity of **AppleCare+ renewals** across hundreds or thousands of devices. This lack of comprehensive information can lead to missed renewal deadlines, unnecessary costs, and a higher risk of device downtime due to expired warranties.
