Cybersecurity Maturity Model Certification (CMMC): A road map to compliance
With the initial inclusion of CMMC requirements slated to appear in Department of Defense RFIs and RFPs (requests for information/proposals) in late 2020/early 2021, many contractors may still be uncertain where to begin. We’ve got you covered.
Use our high-level road map to help get you started on your journey toward compliance.
1. Determine what level of maturity your organization needs to (or would like to) achieve.
2. Review the CMMC framework to understand the practices and processes your organization would need to comply with for the level of maturity desired.
3. Conduct a preparedness assessment – work with a third party or with your team to identify technical gaps in existing vs. required practices.
4. Develop and implement practices that are found to be non-existent (or fixes for those determined to be weak) based on the results of the assessment.
5. Deploy technical solutions where needed.
6. Remediate other process gaps as identified in the preparedness assessment.
7. Identify/select a CMMC Third-Party Assessor Organization (C3PAO) firm for your CMMC audit.
8. Obtain certification at your desired CMMC maturity level based on the audit.

Bhavesh Vadhani, Principal, Technology Risk, Cybersecurity, and Privacy
703.847.4418