CMMC – Don’t Wait to Assess Your Maturity and Remediate 

Published On: March 12, 2020

CMMC Overview and Timeline 

In January of 2020, the Department of Defense (DoD) released the Cybersecurity Maturity Model Certification (CMMC) and its framework. CMMC reflects a recognition that cyber threats diminish American industry’s competitive advantage and pose a threat to America’s national security.

CMMC is designed to assess the cybersecurity maturity of an organization based upon 17 domains across both processes and practices. While the certification is new, the controls associated with CMMC are known. In total, there are 171 controls that are derived from the following frameworks and regulations: 

  • NIST SP 800-171 
  • NIST SP 800-171B 
  • 48 CFR 52.204-21 

CMMC details 5 levels of maturity that an organization can be certified at, largely centered on the theme of the institutionalization of cybersecurity practices. In addition, organizations must obtain the lowest level of maturity in totality (practices and processes) before obtaining a higher-level maturity certification. Finally, organizations are able to bid on DoD work based upon their certified maturity level.

CMMC Timeline 

The DoD’s timeline for CMMC implementation shows that it is serious about the certification and about making it a requirement moving forward.

  • February to May 2020 – Assessors/3PAOs will be trained and certified.
  • June to September 2020 – Initial rollout of a subset of DoD programs/RFIs that include CMMC level certification will begin. Organizations wishing to bid must be certified at the required CMMC level.
  • October 2020 and beyond – All DoD contractors will need to be certified to bid on new work. 

As indicated above, the DoD is moving expeditiously to implement CMMC. Organizations should not wait to understand their cybersecurity maturity level – the frameworks, regulations, and controls are known. As such, organizations that are seeking CMMC can (read: must) begin to self-assess and, more importantly, begin remediation activities prior to engaging a certified assessor.   

How TrustMAPP Can Help 

TrustMAPP’s Cybersecurity Maturity Assessment software is built specifically for organizations that are looking to kickstart their CMMC activities.  What’s more, TrustMAPP has developed an automated CMMC assessment that contains all of the necessary components to prepare organizations for a third-party assessment. TrustMAPP’s CMMC assessment includes: 

  • Automated CMMC assessment user assignment and distribution  
  • CMMC control mapping to NIST frameworks 
  • Remediation recommendations at a control level 
  • Capital and resources estimates to achieve the desired certification level 
  • Pre-built gap analysis dashboard
  • Task management tools 

Learn more about TrustMAPP’s solution by contacting us today! 
