Since the DoD first released version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) in January 2020, companies operating in federal supply chains have been trying to figure out what they can do to prepare for a future CMMC assessment.
Get Answers to Your Questions about CMMC
Typical questions you may have about CMMC include:
- Who is impacted by CMMC?
- How do I pass a CMMC assessment?
- Who is involved in the CMMC-AB pilot programs?
- How do I know which cybersecurity maturity level of CMMC applies to my company?
- What are the costs of CMMC compliance?
- When is the deadline for CMMC?
- What can I do now to prepare for a future CMMC assessment?
Although C3PAOs are not yet able to perform CMMC assessments themselves (as of May 2021), there are things you can do now to prepare your company for a future assessment by a C3PAO.
- Isolate CUI.
- Use FIPS-validated cryptography for encryption.
- Manage CUI with defined policies and procedures.
- Avoid the shopping cart approach.
- Identify gaps.
Corserva CMMC Readiness Services
Corserva can prepare you for a CMMC assessment by a C3PAO.
Corserva is a CMMC-AB Registered Provider Organization™ (RPO) and we are listed on the CMMC-AB Marketplace.
As an RPO, Corserva is authorized by the CMMC-AB to provide pre-assessment consulting services to government contractors and other OSCs.
Corserva has created an easy process to enable you to get ready for a CMMC assessment and protect your government contracts.
To prepare you for your CMMC assessment, these are the steps we follow:
- Identify the relevant requirements of CMMC you will need to meet.
- Perform an "as is" gap analysis of your processes and security controls, identifying areas to be corrected.
- Create a list of remediation steps to be taken prior to your certification assessment being performed by a C3PAO.
The end deliverable to you is a clear set of corrective actions to take before your CMMC assessment.