1 NIST 800-171 and CMMC Level 2

samba boom bap, soulful cabaret, koto gnawa · 3:34

Lyrics

[Verse 1]
One hundred ten controls in revision two
NIST eight oh one seventy one that we pursue
Revision three is coming with some changes new
But level two is where we start our journey through
Self-assessment first or C three PAO way
Choose your path but know the price you'll have to pay

[Chorus]
Access Control, Audit trail
Configuration never fail
ID and Authentication strong
System Protection all along
Information Integrity
Six domains for you and me
CMMC level two compliance
Built on cybersecurity science

[Verse 2]
Scoping boundaries are the choice that matters most
What's inside CUI protection, what can you boast
Draw the lines too wide and costs will make you ghost
Draw them thin and auditors will be your host
Infrastructure mapping to each domain
Shows the controls where security must remain

[Chorus]
Access Control, Audit trail
Configuration never fail
ID and Authentication strong
System Protection all along
Information Integrity
Six domains for you and me
CMMC level two compliance
Built on cybersecurity science

[Bridge]
POA and M management
What assessors will accept
Timelines reasonable
With progress they expect
But wishful thinking plans
Will get your cert reject
Show concrete remediation
That you can architect

[Verse 3]
Self-assessment means you validate your own
But C three PAO brings eyes you've never known
Third party assessment sets a different tone
Higher confidence but seeds that must be sown
From basic safeguarding to enhanced protection
Every control needs proper implementation

[Chorus]
Access Control, Audit trail
Configuration never fail
ID and Authentication strong
System Protection all along
Information Integrity
Six domains for you and me
CMMC level two compliance
Built on cybersecurity science

[Outro]
Defense contractors listen well
Your infrastructure story tell
Map each control to every part
NIST eight oh one seventy one by heart
Level two will pave the way
For defending USA
