As a newcomer to GRC (but not IT) I’ve been studying various compliance and control frameworks. I decided to focus on the CIS Top 18 to begin with, but I know there’s also a lot of chatter about CMMC as an up and coming framework, so I wanted to familiarize myself with that too.
I found out that the CIS Controls Navigator has a way to view how the CIS CSC maps to CMMC (among several others including NIST CSF and SOC 2). This has been really useful for me to compare and contrast the differences side by side without too much effort.