The time has officially come! The final copy of CMMC 1.0 is out. Are you ready? The document was released on January 30th, 2020, and some contracts will require compliance as early as 2021. So, what does this mean? Certification for CMMC will become a requirement for all Department of Defense contractors, just like DFARS and NIST 800-171. The main difference between CMMC and NIST 800-171 is that CMMC requires a third-party auditor to check controls rather than relying on a self-assessment approach. Now, rather than putting compliance off until later in the year, get a head start! Let’s talk about how to get the ball rolling.
Are You CMMC Ready?
There are several ways to get prepared for CMMC. In this section, we will highlight the ways in which you can get your business started on the process.
1.) The first step is to assess. This first assessment serves to establish a baseline of what your company has and what it still needs. Your company needed to become NIST 800-171 compliant as of December 31, 2017, so you should have some CMMC-required controls in place. CMMC has 5 levels of compliance, and the number of controls you have will determine the level you fall into. These controls will be checked by an auditor, so knowing ahead of time where you stand is very important. It’s like showing up to a test without studying: no one wants to be in that position!
As previously stated, this will also allow your company to see what controls it is lacking. If your company wishes to be at a higher level of compliance than the one it was ranked at, this is where you can visualize what controls you need to reach the desired level.
2.) Next, you need to develop a plan of action. With this, your company can start working towards its goal! Basically, your company will be creating a detailed plan on how to get to this specific level. This will include some possible remediation to add controls and/or fix the ones your company currently has. Your company will need to become certified at a certain level if it wishes to work on certain contracts, so adding and fixing controls is crucial. This might take some time, as most remediations do, but the result is well worth the wait. Not only will your business be taking action to ensure its eligibility on future contracts, but you will also be improving your security posture against threats! These CMMC controls are designed to help keep your company and employees safe.
3.) The end goal is to become certified, right? Your company has worked hard for this! You deserve it! Now, it’s time to put your work to the test. Hire a certified third-party auditor and have them review your company’s new and improved environment. This will determine the level of certification your company receives. Once you are certified, you need to stay certified. It’s important to constantly review your environment and make any necessary improvements. It is easy to forget or ignore your security until it’s too late.
Feeling Overwhelmed by CMMC?
We get it… compliance is a hassle. You barely have enough time to handle the everyday tasks without another regulation being thrown at you. That’s exactly why we created Bravo on Demand (BoD). With BoD we help you every step of the way! We secure your environment and get your business compliant so you can focus on what you do best!