Has the Department of Defense Cybersecurity Maturity Model Certification (CMMC) crept up on you?
Here are some tips to help you jumpstart your CMMC readiness and certification process, and maintain certification in the future.
Which level is right for you?
Did you know that the majority of DoD vendors only need to achieve Level One certification? It’s estimated that 75% of vendors fall into this category. Level One requires only basic compliance, as outlined in the DFARS 48 CFR 52.204-2 guideline, and 17 controls in the CMMC Model. You can read more about the CMMC Level requirements here.
Start with a Cyber-maturity report to understand where your organization’s security program stands and know what’s ahead of you.
Do you NIST?
You are likely ready for Level 1 and on the way to Level 2 or 3 if you have adopted controls from NIST 800-171, 800-53, or the Cybersecurity Framework (CSF). CMMC can be crosswalked to your existing NIST controls, which helps you fast-track your readiness process. CMMC can also be mapped to CIS version 7 and CERT controls.
CMMC Policy and Control Templates
Find a compliance partner that can provide you with CMMC Policy Templates and control sets. Some can also help guide you through the evidence collection process. These products and MSPs can be costly, but complete readiness packages are available for as low as $500/month. Look for one that includes Cyber-maturity evaluations, readiness and remediation, and ongoing control monitoring. The cost should be less than a headcount and can save you a lot of headaches.
Don’t Hesitate – Automate!
This is not the time to build a spreadsheet. Technology is your friend. Consider a solution that can help you automate elementary or time-sucking tasks. Your evidence collection and mitigation process can be automated, and the best solutions provide real-time oversight capabilities so you can keep track of your progress and report your results to leadership. We recommend the Capterra review site, powered by Gartner, to find the product that fits your budget and needs. Think about a SaaS product for swift and easy deployment with no software or hardware to install.
Use the above as your checklist for readiness and certification. For more information, or with any questions about CMMC Certification or compliance in general, email support@cb1security.com or find us here.
Read more about CyberOne on Capterra.