The Most Common Control Deficiencies in CMMC non-compliant DoD contractors
Vijay Sundararajan, Arman Ghodousi
This article presents the most commonly identified Security Control Deficiencies (SCD), the
attacks mitigated by addressing these SCD, and the remediations suggested to 127 DoD contractors
to bring them into compliance with the newly formed CMMC guidelines, along with the requirements
and significance of cybersecurity compliance for small to midsized businesses.
45 N Salisbury Street
West Lafayette, IN
ISSA Journal - February 2021
Ph.D. Student, Purdue University and Cybersecurity Specialist at Secure Open Solutions (SOS)
• Information used to assess SCD based on the NIST 800-171 protocol
• How does the assessment categorize the compliance status?
• SCD, attacks associated, and remediation suggested in descending order of prevalence
©2021 Information Systems Security Association, Inc. (ISSA)
Present state of information security controls in US DoD contractors who are subject to CMMC level-3 compliance.