5 Things to Prepare you for CMMC

September 9, 2021


Secure Halo


If you work in cyber security, chances are you are at least familiar with what CMMC is. The Cybersecurity Maturity Model Certification (CMMC) is intended to serve as a verification mechanism to ensure that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks (source: OUSD A&S). Getting your certification is a process, and one that Secure Halo offers assistance with to help get you ready.


5) Determine which level of maturity in which domains you need to achieve

The CMMC model consists of 17 domains. Many of these CMMC domains originated from the Federal Information Processing Standards (FIPS) 200 security-related areas and the NIST SP 800-171 control families. In addition, the DoD defines process maturity as “the extent of institutionalization of practices within an organization”. Determine which domains your business needs to focus on, and how mature you need to become in those chosen domains. Maturity levels range from basic cyber hygiene (Level 1) to advanced/progressive capabilities (Level 5).

4) Perform a self-assessment to identify gaps

A CMMC self-assessment (against NIST 800-171) can be completed on your own or with the help of a contracted third party. Either way, the purpose of the self-assessment is to identify any weak links in your security that could count against you during the real CMMC assessment.

Remember: it is important to answer all questions honestly during this part of the process, so your company knows where it has room to improve before the certification.


3) Build a System Security Plan (SSP)

The System Security Plan (SSP) is a living document that must be updated when a company makes substantial changes to its security profile or processes. Typical information captured in the plan includes company policies, employee security responsibilities, network diagrams, and administration tasks.

While creating and updating the SSP is critical to maintaining certification requirements, it can be a resource-intensive process, so contractors need to ensure they have the resources in place to do this.


2) Make the necessary investments to execute your plan

It’s likely your plan will need to go beyond merely revising processes. Be prepared to invest in additional solutions in order to build a future-ready security environment. Your ROI may include:

• Winning future DoD and government contracts

• Mitigating the internal costs and damage of future cyberattacks

• Securing more streamlined and efficient ways of working for the business

1) Engage a third-party auditor to verify CMMC compliance

Once a CMMC compliance program has been fully implemented, you’ll need to bring in a Registered Practitioner (RP), Registered Provider Organization (RPO), or a Certified Third-Party Assessor Organization (C3PAO) to assess and validate your CMMC compliance and maturity.

