Cybersecurity Maturity Model Certification (CMMC): A road map to compliance
With the Department of Defense finalizing its plans to start incorporating CMMC requirements into its RFIs and RFPs (requests for information/proposals), many contractors may still be uncertain where to begin. We’ve got you covered.
Use our high-level road map to help get you started on your journey toward compliance.
1. Confirm that your scope includes Controlled Unclassified Information (CUI) and that you are therefore seeking CMMC Level 2 status.
2. Review the CMMC framework to understand the practices and processes your organization will need to meet Level 2 maturity requirements.
3. Conduct a preparedness assessment – work with a third party or with your team to identify technical gaps in existing vs. required practices.
4. Based on the results of the assessment, develop and implement the practices found to be non-existent, and fix those determined to be partially implemented.
5. Deploy technical solutions where needed.
6. Remediate other process gaps as identified in the preparedness assessment.
7. If the organization’s SPRS score is greater than 85, identify/select a CMMC Third-Party Assessor Organization (C3PAO) firm for your CMMC audit.
8. Obtain your desired CMMC level maturity certification based on the audit.
Subject matter expertise
CISA, CRISC, CGEIT, PMP, CDPSE, Principal, Global Leader, Cybersecurity, Technology Risk, and Privacy
CPA, Partner - Managing Partner, Advisory - Global Consulting Solutions and Government Contracting Industry Leader