惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
WordPress大学
WordPress大学
云风的 BLOG
云风的 BLOG
Stack Overflow Blog
Stack Overflow Blog
MongoDB | Blog
MongoDB | Blog
腾讯CDC
V
V2EX
Martin Fowler
Martin Fowler
A
About on SuperTechFans
大猫的无限游戏
大猫的无限游戏
Blog — PlanetScale
Blog — PlanetScale
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
酷 壳 – CoolShell
酷 壳 – CoolShell
C
Check Point Blog
博客园 - 【当耐特】
Cisco Talos Blog
Cisco Talos Blog
The Hacker News
The Hacker News
K
Kaspersky official blog
Security Latest
Security Latest
H
Help Net Security
博客园_首页
美团技术团队
Spread Privacy
Spread Privacy
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
S
SegmentFault 最新的问题
G
Google Developers Blog
NISL@THU
NISL@THU
爱范儿
爱范儿
I
Intezer
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
N
News and Events Feed by Topic
P
Privacy International News Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog
S
Security @ Cisco Blogs
Schneier on Security
Schneier on Security
雷峰网
雷峰网
人人都是产品经理
人人都是产品经理
V
Vulnerabilities – Threatpost
W
WeLiveSecurity
P
Palo Alto Networks Blog
G
GRAHAM CLULEY
Hacker News: Ask HN
Hacker News: Ask HN
I
InfoQ
The Cloudflare Blog
F
Full Disclosure
SecWiki News
SecWiki News
宝玉的分享
宝玉的分享
N
Netflix TechBlog - Medium

Todyl Blog

CyberChef: How to Decode & Decrypt Malicious Scripts (Step-by-Step Guide) Achieving Zero Trust with SASE: A Practical Roadmap for Modern Network Securityso like MSP Security Maturity Assessment: Why 79% of MSPs Are Stuck in 2025 The Rising Threat of Malicious AI: What Every Organization Needs to Know Iran Cyber Threat 2026: What SMBs and MSPs Need to Know The OneStart AI Browser Deception Cyber Insurance Requirements Based on Industry Why Third-Party Security Certification Is Your MSP's Competitive Edge Why Cyber Insurance Carriers Are Shifting to Security Assurance Iran Conflict and Cyber Risk: What North American Organizations Need to Know ‍ Why Cyber Resilience Requires Security, Compliance, and Insurance MSP Security Services: How to Position Identity Protection as Competitive Advantage Identity Security Gap Assessment: A Step-by-Step Guide for MSPs How Credential Theft Attacks Are Costing MSP Clients Millions Do I Need Cyber Insurance as a Small Business? Advanced Persistent Threats (APTs) Explained Preparing for CMMC Level 1: What Your Organization Needs to Do The Real Cost of Doing Nothing in Cybersecurity MSP Security: Build vs Buy SOC The Rise of a Cybercrime Alliance: What LockBit, Qilin, and DragonForce Mean for Business Risk Cyber Threat Recovery Strategies for MSPs What MSPs Need to Know about CIRCIA Final Rule ClickFix: The Evolution of Copy-Paste Social Engineering Akira Ransomware: Threat Assessment of a Scalable RaaS Operation The Dos and Don’ts of Applying for a Cyber Insurance Policy What Is Threat Hunting? A Practical Guide for MSPs and SMBs The Business Case for Cyber Threat Management Evaluating Free and Open Source SIEM Tools in 2026 How organizations can combat BEC Using SASE to help meet cyber insurance requirements Introducing the Anomaly Framework Stopping Identity Threats with ITDR through MXDR Security Operations Over Tools Beyond Tools: A Strategic Approach to Data Security Cyber Threat Response Strategies for MSPs Threat Advisory: Email Account Compromise BECs In the Wild: When Millions of People Are Expecting the Same Email Michigan and Wisconsin Proposed Age Verification Bills and the Impact on VPNs and SASE: What You Need to Know Cyber Threat Detection Strategies for MSPs Cyber Threat Prevention Strategies for MSPs How to Complete Your CMMC Level 1 Self-Assessment: A Step-by-Step Walkthrough Cyber Threats Don't Take Time Off How MSPs Build Lasting Client Relationships Through Proactive Operations Risk Management for MSPs: Why Business Context Changes Everything 5 Pillars for Security Program Growth in 2025 One Action MSPs can take to Address Risk and Secure Clients Building Resilience in a Perimeter-less World with Defense-in-Depth Aligning Technology Implementation to Business Outcomes Top 5 Myths about Cybersecurity How Conditional Access Transforms Your Cybersecurity Program Why MSPs need to embrace a prescriptive model How Texas SB 2610 Positions MSPs as Strategic Risk Advisors Simplifying cybersecurity maturity with managed cloud SIEM Addressing firewall vulnerabilities Understanding the Pitfalls of RDP MSP Zero-Day Response Plan: When Security Tools Can't Help You Old is Gold: Tackling Persistent Vulnerabilities How MXDR drives operational efficiencies Using SASE for secure remote access How to find the best endpoint security solution The Cyber Insurance Crisis: Why MSPs and Their Clients Are Struggling What to ask of a prospective endpoint security vendor Thinking Red, Acting Blue: Turning Attack Tactics in Your Favor Zero-Day Attacks and False Alarms: Lessons for MSPs Dissecting the Recent Rise in 2025 Zero Days MSP Security Monitoring Strategy: Identity and Cloud Blind Spots Introducing the Todyl Community: A Collaborative Platform for MSPs Threat Advisory: PDFast Freeware Compromise Navigating Today’s Cybersecurity Threat Landscape: Where MSPs Should Start Threat Advisory: Understanding the Recent SonicWall SSL VPN Vulnerability and How to Protect Your Clients Partner Spotlight: GoTech IT Solutions Threat Advisory: SQL Injection in FortiClient CVE-2023-48788 The Importance of SSL Inspection Navigating Compliance Frameworks: Common Challenges and Effective Solutions Making the most of SASE Web Filtering Iran & Middle-East Geopolitical Shifts: Emerging Cyber Risks for SMBs MSP Security KPIs That Matter: Beyond Vanity Metrics to Business Outcomes MSP Challenges Looking into 2025 Combining EDR and NGAV for Defense-in-Depth Starting Your Security Framework Journey: A Practical Implementation Guide Cyber Insurance vs. Warranties: Key Risk Management Elements Akira Ransomware: A Persistent Threat to MSP Operations Transforming Cyber Insurance for MSPs and Their Clients Two Truths, Double Whammy: Why Vulnerability Remediation Needs a Rethink Using LAN ZeroTrust for segmentation The role of SIEM in incident response Partner Spotlight: 917 Solutions Threat Advisory: Business Email Compromise Campaign using OVPN for Obfuscation Beyond Implementation: Creating an Ongoing Security Framework Program ClickFix: Fake Captcha Leads to Real Damage Streamlining Security and Compliance Information Gathering with Assessments EpiBrowser: A Sophisticated PUP Masquerading as Chromium Partner Spotlight: AnchorSix Tips to Help MSPs Set Goals for the New Year How SIEM helps detect insider threats Massive Wave of Network Security Vulnerabilities Demands Immediate Action FortiJump: The FortiManager Zero-Day Vulnerability Explained Use cases of SASE: Software-defined perimeter Threat Advisory: LightPerlGirl Malware Why MSPs Must Prioritize CIS Critical Security Controls v8.1 for Client Success
Simplifying CMMC Level 1 with Todyl GRC
Andrew Scott · 2026-01-09 · via Todyl Blog

CMMC requirements are in full swing. If you’ve followed through our CMMC series so far, you’ve learned what CMMC Level 1 is and who it pertains to. Then, you used our checklist to drive your evaluation for your self-assessment.  for your self-assessment.  

Even with a checklist, manually assessing and tracking CMMC compliance is, admittedly, a chore. For MSPs managing multiple CMMC-applicable companies, that chore is multiplied across each client.

Using a Governance, Risk, and Compliance (GRC) solution gives organizations a centralized method for managing and tracking requirements like CMMC Level 1. Here’s how you can use Todyl GRC to streamline you and your clients’ journey to CMMC Level 1 compliance.

Understanding Requirements

As detailed in the previous two blogs, CMMC Level 1 depends on 17 practices broken down across six controls. To prove compliance, you must be able to provide evidence for each practice with documentation supporting each claim. Although checklists like the one shared in our last blog are useful for this endeavor, automated and managed solutions like GRC make things significantly easier.

Todyl GRC natively features detailed guides on CMMC Level 1 and other prominent compliance frameworks. These guides break down each individual requirement, providing:

  • Full explanation of requirements
  • Potential risks & threats
  • Implementation best practices
  • Auditor questions
  • Related standards and controls
  • Associated notes sections
  • Supporting evidence mapping
  • Control strength self-evaluation (Satisfactory, Needs Improvement, N/A)

All of this is located within the same portal you use to manage your clients’ cybersecurity posture and secure their networks. In practice, GRC even auto-maps those practices to relevant controls as covered by the Todyl Platform. Todyl partners have found that just implementing the platform covers nearly 50% of CMMC controls across all 3 levels.

In this way, you have even less manual work to do when self-assessing your CMMC Level 1 compliance.  

Documenting Policies

Supporting the Framework mapping functionality is the Policy feature. This function of GRC gives you a living digital library of all your policy documentation. This allows you to track and manage how your program operates then update and review documentation in real time.  

As hinted above, these Policies auto-map to relevant CMMC controls, as well as any other frameworks or regulations your organization tracks on behalf of clients. And, as a digital repository, you can limit access by identity to prevent tampering and misuse while also enabling anyone with access to update from anywhere.

Beyond the obvious compliance ramifications, Policies also helps you organize and centralize your documentation. This makes it easy to enforce consistency across your operations, leading to stronger security posture and simplifying new hire onboarding.

Assessing Clients

In many cases, you won’t have all the answers you need for CMMC Level 1 self-assessment, such as Media Disposal or Physical Security practices. Your clients, however, will know these, but you need to be able to get those answers directly and in writing.

GRC’s Security Assessment feature helps you create repeatable questionnaires to send to clients and prospects to document key security and operations answers. You can create your own assessments, clone and edit one of our preexisting templates, or send one out directly. Among the many native templates, you can use our CMMC Initial Assessment Pre-Screen (shown below) to scope clients, identify CMMC gaps, and get documentation for key controls and practices.

A screenshot of a computerAI-generated content may be incorrect.

Each assessment is password protected to secure sensitive and proprietary information. With Security Assessments, you get all the answers you need to confidently understand clients’ CMMC picture without tedious manual tracking or back-and-forth emails.

Monitoring Continuously

Outside of the GRC module, Todyl Managed Cloud SIEM provides native observability capabilities that are crucial for achieving CMMC Level 1. Specifically, the GRC Dashboard within SIEM automatically sources key insights relevant to the following controls:  

  • Access Control
  • System & Information Integrity
  • System & Communications Protection

… as well as other important audit features and controls in scope for Levels 2 and 3.  

The Dashboard makes it simple to view pertinent data that supports your self-assessment so you can easily prove compliance across any tenant. The insights also help you highlight areas of improvement to either guide your team’s efforts and remediation, or concerns that need to be discussed with the client. This ensures that you can quickly iterate so that achieving CMMC Level 1 takes days, not months.

Putting it All Together

Combining each of these features, you get a single platform to manage and track CMMC Level 1 compliance, as well as most other prominent compliance frameworks and regulations. In terms of recent DoD updates, you can use Todyl GRC to streamline your self-assessment process and quickly prove adherence for yourself and your clients.

Companies that fail compliance can face termination across their federal contracts and potentially fall subject to non-compliance fines and future suspension. Acting now helps you ensure client uptime and, in turn, makes your offering more appealing to prospects with CMMC concerns.

Use Todyl GRC

To get started with GRC to simplify your CMMC Level 1 efforts, check out Todyl in action. Contact us to get your free demo so you can start assessing clients and proving compliance.

About Andrew Scott

Andrew is a seasoned Field CISO with over a decade of experience in the cybersecurity and intelligence domains. As an expert in enterprise solutions architecture and security strategy, Managed Security Service Providers (MSSP), and Security Operations Center (SOC) leadership and transformation, Andrew excels in aligning technology solutions with business objectives to enhance organizational security.

His extensive background includes pivotal roles at Leidos, CrowdStrike, and IBM, where he led the development of complex security solutions, managed and led large SOC organizations, and transformed cybersecurity and risk management programs for both Federal and Fortune 500 private sector organizations.

Andrew’s technical expertise spans threat intelligence, SOC operations, Zero Trust implementations, security architecture, and comprehensive threat detection and remediation strategy development. A recognized thought leader, he has contributed to numerous publications and spoken at industry events, sharing his deep knowledge of threat and risk management strategies. Andrew holds several certifications, including CISSP, CRISC and GSTRT certifications.