What is a CMMC audit?
CMMC stands for “Cybersecurity Maturity Model Certification” and is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). A CMMC audit is intended to serve as a verification mechanism to ensure that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.
How do I prepare for a CMMC Audit?
While there are many steps to take to prepare for a CMMC audit, here are our top 5 recommendations for getting started:
1. Determine your CMMC Maturity Level
2. Take the NIST 800-171 Self-Assessment or contact us for help assessing your current environment
3. Create Your SSP & POA&M
4. Report Your Score to the SPRS
5. Work with a CMMC Consultant
Who needs to be CMMC compliant?
CMMC applies to anyone in the defense contract supply chain. This includes contractors who engage directly with the Department of Defense and subcontractors who contract with primes to fulfill and/or execute those contracts. CMMC is a vehicle the United States Government is using to implement a tiered approach to audit contractor compliance with NIST SP 800-171, based on five different levels of maturity expectations. DoD contractors have been required to comply with NIST 800-171 since January 1, 2018.
How can I get more information?
For more information about the Cybersecurity Maturity Model Certification and its requirements, please visit the following: https://www.acq.osd.mil/cmmc/faq.html

If you need help getting started with CMMC, NIST, or any other compliance standards, book a meeting with us or contact us here. We're here to help!