The CMMC Advisory Board has appointed Melanie Kyle Gingrich to lead training and development. Previously the Senior Vice President of Product Development for Monster Worldwide, she has been charged with standing up a CMMC training ecosystem of organizations that develop course materials and train assessors, as the CMMC Board prepares to roll out its first certifying organizations this summer. Read more here from FCW.
CyberOne Security provides CMMC readiness and continuous monitoring to prepare and support you throughout the lifecycle of your CMMC certification process. From your NIST 800-171 self-assessment submission to SPRS, through control implementation, evidence verification, certification with our C3PAO partners, and continuous control monitoring for re-certification, CyberOne provides step-by-step guidance and automation that saves time and gives complete assurance of certification success. Oh, and, most important of all, it’s affordable for organizations of all sizes.
- Control Self-Assessment for the DFARS Cybersecurity Requirement
- CMMC Control Mapping to 800-171
- Automated Evidence Collection
- Certification Readiness Report
- C3PAO connection
- Continuous Monitoring post-Certification
Read our reviews on Capterra and contact us now for your FREE CMMC Evaluation.
Has the Department of Defense Cybersecurity Maturity Model Certification (CMMC) crept up on you?
Here are some tips to help you jumpstart your CMMC readiness and certification process, and maintain certification in the future.
Which level is right for you?
Did you know that the majority of DoD vendors only need to achieve Level One certification? An estimated 75% of vendors fall into this category. Level One requires only basic compliance, as outlined in the DFARS 48 CFR 52.204-2 guideline, and covers 17 controls in the CMMC Model. You can read more about the CMMC Level requirements here.
Start with a cyber-maturity report to understand where your organization’s security program stands and to know what’s ahead of you.
You are likely ready for Level 1 and on the way to Level 2 or 3 if you have already adopted controls from NIST 800-171, NIST 800-53, or the NIST Cybersecurity Framework (CSF). CMMC can be crosswalked to your existing NIST controls, which helps fast-track your readiness process. CMMC can also be mapped to CIS Controls version 7 and CERT controls.
CMMC Policy and Control Templates
Find a compliance partner that can provide you with CMMC policy templates and control sets. Some can also guide you through the evidence collection process. These products and MSPs can be costly, but complete readiness packages are available for as low as $500/month. Look for one that includes cyber-maturity evaluations, readiness and remediation, and ongoing control monitoring. The cost should be less than a headcount and can save you a lot of headaches.
Don’t Hesitate – Automate!
This is not the time to build a spreadsheet. Technology is your friend. Consider a solution that automates elementary or time-consuming tasks. Your evidence collection and mitigation process can be automated, and the best solutions provide real-time oversight so you can track your progress and report results to leadership. We recommend the Capterra review site, powered by Gartner, to find the product that fits your budget and needs. Consider a SaaS product for swift and easy deployment with no software or hardware to install.
Use the above as your checklist for readiness and certification. For more information or any questions about CMMC certification, or general compliance questions, email support@cb1security.com or find us here.
Read more about CyberOne on Capterra.
Below are the published information security requirements for the State of California, with publishing and enforcement dates.
- SIMM 5300-B Foundational Framework, published in October 2017 by the State of California Office of Information Security, outlines the foundational cybersecurity framework required for businesses registered and operating in California. This framework is mapped to NIST 800-53 and aligned to the Federal standards published by the National Institute of Standards and Technology. It includes the following topics:
  - Application Security
  - Contingency Planning
  - Change and Configuration Management
  - Data Security
  - Security Governance
  - Endpoint Security
  - Identity and Access Management
  - Mobile Security
  - Security Analytics and Continuous Monitoring
  - Network Security
  - Physical Security
  - Vulnerability Management