Question 1

What is the CMMC?

Accepted Answer

The CMMC is designed to "protect American ingenuity and national security information, the DoD developed the Cybersecurity Maturity Model Certification (CMMC) 2.0 program to reinforce the importance of DIB (Defense Industrial Base) cybersecurity for safeguarding the information that supports and enables our warfighters." Source: DoD CIO CMMC Website

Question 2

What is a CTF?

Accepted Answer

Traditional Capture the Flag (CTF) events focus on allowing individuals and organizations to practice cyberattack (Red Team) skills in search of vulnerabilities while defenders (Blue Team) identify the attacks and protect the organization. Players and teams are awarded points as they identify the vulnerabilities or fend off attacks.

Question 3

What is the CMMC CTF?

Accepted Answer

The Cybersecurity Maturity Model Certification (CMMC) Capture the Flag (CTF) event provides a means for individual Certified CMMC Professional (CCPs) and assessment teams comprised of a CMMC Lead Assessor, Certified CMMC Assessors (CCAs) and CCPs to test (and prove) their skills as CMMC experts.

The CMMC CTF is intended to be a fun and friendly competitive event.  Regardless of individual and team performance, the event promises to entertain and inform both participants and spectators.

Question 4

Who is the crazy person who came up with the idea for a CMMC CTF?

Accepted Answer

The CMMC CTF is the brainchild of Jeffrey Crump (CMMC CCA and Instructor) of the CMMC Training Academy,(https://www.cmmctraining.academy/) a service of Cyber Security Training and Consulting LLC.  Cyber Security Training and Consulting is a Cyber AB/CAICO approved Licensed Training Provider (LTP).

Question 5

What is Continuum GRC and why is it being used?

Accepted Answer

Continuum GRC (https://continuumgrc.com/)is the ONLY FedRAMP and StateRAMP Authorized Risk Management and Assessment solution on the market so it seemed like a natural fit for a place to put all the evidence. Plus, we know them and they're a good group of folks.

Full disclosure: Cyber Security Training and Consulting LLC is a Continuum GRC reseller.

Question 6

Who the %$#&^* does the CMMC CTF think they are by challenging my CMMC knowledge and abilities?

Accepted Answer

Whoa, whoa, whoa there, killa'. Instead of thinking your god-like knowledge, skills, and abilities are being challenged, perhaps instead think of it as an opportunity to prove to the world that you are indeed the best-of-the-best.  It's designed as a fun and challenging experience, not a questioning-your-authority event. If you win, then you can share your Champion status with the world.  If not, just lie and say you couldn't find time to participate. No harm, no foul.