What's the purpose of scoring the CMMC controls?

old.reddit.com / @/u/Wine_Oh_1, https://old.reddit.com/user/Wine_Oh_1

I'm having issues wrapping my head around the purpose of scoring. If a 1-point control isn't met, you POAM it, correct it, and re-assess. If a 3 or 5-point control isn't met, the audit is over (FAIL). I could see scoring the 1-pointers...in other words, if you have too many 1-pointers not met, then they should probably fail you. But why the 3 and 5-points...why score them at all?

submitted by /u/Wine_Oh_1

published 23 days ago



