The U.S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the United States’ defense industrial base, which includes over 300,000 companies. The CMMC is the DoD’s response to significant compromises of sensitive defense information located on contractors’ information systems. CMMC requires contractors to assess and certify compliance with dozens of information security controls.
TrustMAPP addresses your CMMC and NIST 800-171 maturity and compliance assessment needs today, and automatically builds a roadmap and forecasts how much and how long it will take to achieve your desired level of maturity posture.
TrustMAPP also lets you manage all of your suppliers against CMMC. Each supplier can be given a scheduled self-assessment, and you can track their progress towards completion in real time. TrustMAPP lets you validate each supplier assessment with a third-party accreditation firm. You can visualize and trend, over time, continuous improvement in security posture across all your suppliers.
TrustMAPP’s CMMC assessment framework accounts for both the CMMC Practices and Processes to help organizations with their certification preparedness efforts. Based upon your organization’s required maturity level, the CMMC assessment can be easily configured to specifically address only those areas that pertain to your organization. Within each Maturity Level, TrustMAPP identifies the specific controls/practices and domains that are required for CMMC certification.
Based upon the assessment results, TrustMAPP then provides a catalog of over 600 remediation recommendations, capital calculations, and level-of-effort estimates that are specific to CMMC and are tailored to the size of the organization. TrustMAPP enables an organization to then create remediation tasks, establish timelines, track effort and capital, and improve its maturity to validate that the organization is prepared for a CMMC audit.
Finally, TrustMAPP maps all CMMC Practice responses and remediation efforts to NIST 800-171 controls to ensure that organizations can use the same data for required self-attestation documentation.
You can read more about CMMC in this blog post.