CMMC: The Journey So Far

Let the Games Begin

Since the CMMC standard was announced in January 2020, we have been anxiously awaiting more information on its implementation. Summit Business Technology has been on top of every announcement and has been preparing for the application process to become a C3PAO certified auditor. On June 20th, the CMMC board began accepting applications.

Since we are coming to the final steps of this journey, we thought it would be a great time to cover where we are now, reiterate the implications of this certification requirement, cover the next stages of its implementation, and outline what steps you can take to prepare for your audit.

Where We Are Now

Summit has submitted our application to become a C3PAO, and we are preparing to undergo the associated training. Pending our application’s approval, we expect to be able to begin audits in late 2020. As you can see in the timeline graphic provided by www.cmmcab.org, we are still waiting on licensed instructors and training partners, the hiring of CMMC-AB staff, and adoption of the standard by government agencies.

What You Should Be Doing

Achieving the CMMC standard will not be as simple as implementing the necessary infrastructure and policies. The CMMC audit will look for a proven history of compliance with its standards. When it comes time for audits to begin, you will want to give your auditor historical records showing compliance over time, such as multiple iterations of mandatory password changes and proven policy adaptation.

At Summit, we are at the forefront of assisting companies in preparing for the CMMC audit by completing NIST 800-171/DFARS gap analysis. As a pending C3PAO, we can review your cybersecurity framework against the current NIST 800-171 standard and the anticipated additional controls required to achieve a level 3 CMMC accreditation. Should we find any potential gaps, we can work with your company to complete the necessary SSP and POAM remediation plan and assist in remediating your cybersecurity framework to better align you with the CMMC standard.

Contact our Cyber Security Division to discuss the process and any questions you might have.
