CMMC: The Journey So Far

Let the Games Begin

After its announcement in January 2020, we have been anxiously awaiting more information on the implementation of the CMMC standard. Summit Business Technology has been on top of every announcement and preparing for the application process to become a C3PAO certified auditor. Beginning June 20th, the CMMC board began accepting applications.

Since we are coming to the final steps of this journey, we thought it would be a great time to cover where we are now and reiterate the implications of this certification requirement, cover the next stages of its implementation, and what steps you can take prepare for your audit.

Where We Are Now

Summit has submitted our application to become a C3PAO, and we are preparing to undergo the associated training. Pending our application’s approval, we are expecting to be able to begin audits in late 2020. As you can see in the timeline graphic provided by www.cmmcab.org, we are still waiting on licensed instructors and training partners, hiring the CMMAC-AB Staff, and government agencies to adopt the standard.

What You Should Be Doing

Achieving the CMMC standard will not be as simple as implementing the necessary infrastructure and policies. CMMC will be looking for a proven history of compliance with its standards. When it comes time for audits to begin, you will want to give you auditor historical records showing a history of compliance like multiple iterations of mandatory password changes, and proven policy adaptation.

At Summit, we are at the forefront of assisting companies in preparing for the CMMC audit by completing NIST 800‐171/DFARS gap analysis. As a pending C3PAO, we can review your cybersecurity framework against the current NIST‐800‐171 standard and the anticipated additional controls required to achieve a level 3 CMMC accreditation. Should we find any potential gaps, we can work with your company to complete a necessary SSP and POAM remediation plan and assist in remediating your cybersecurity framework to align you with the CMMC standard better.

Contact our Cyber Security Division to discuss the process and any questions you might have.

Share:

Facebook
Twitter
LinkedIn
On Key

Related Posts

Offset The Cost of Your CMMC Assessment

The Cybersecurity Maturity Model Certification (CMMC) is redefining the cybersecurity requirements for all companies that work with the Department of Defense (DoD) in any capacity.

CMMC: What You Need To Know

The new Cybersecurity Maturity Model Certification (CMMC) framework was presented in January of 2020, which details tiers of cybersecurity best practices, which all 300,000 members

7 Questions to Ask When Evaluating MSSPs

Having an up-to-date technology infrastructure is critical for organizations to perform well in this ever-changing business world. An outdated technology infrastructure can harm your business