Skip to content
How to Prepare for a CMMC Assessment
Adam KeelyMay 25, 20211 min read

How to Prepare for a CMMC Assessment

Since the DoD first released version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) in January 2020, companies operating in federal supply chains have been trying to figure out what they can do to prepare for a future CMMC assessment.

Get Answers to Your Questions about CMMC

Typical questions you may have about CMMC include:

  • Who is impacted by CMMC?
  • How do I pass a CMMC assessment?
  • Who is involved in the CMMC-AB pilot programs?
  • How do I know which cybersecurity maturity level of CMMC applies to my company?
  • What are the costs of CMMC compliance?
  • When is the deadline for CMMC?
  • What can I do now to prepare for a future CMMC assessment?


CMMCTake Steps Now to Get Ready

Although C3PAOs are not yet able to perform CMMC assessments themselves (as of May 2021), there are things you can do now to prepare your company for a future assessment by a C3PAO.

  1. Isolate CUI.
  2. Use FIPS-validated cryptography for encryption.
  3. Manage CUI with defined policies and procedures.
  4. Avoid the shopping cart approach.
  5. Identify gaps.

RPOCorserva CMMC Readiness Services

Corserva can prepare you for a CMMC assessment by a C3PAO.

Corserva is a CMMC-AB Registered Provider Organization™ (RPO) and we are listed on the CMMC-AB Marketplace.

As an RPO, Corserva is authorized by the CMMC-AB to provide pre-assessment consulting services to government contractors and other OSCs.

Corserva has created an easy process to enable you to get ready for a CMMC assessment and protect your government contracts.

To prepare you for your CMMC assessment, these are the steps we follow:

  1. Identify the relevant requirements of CMMC you will need to meet.
  2. Perform an "as is" gap analysis of your processes and security controls, identifying areas to be corrected.
  3. Create a list of remediation steps to be taken prior to your certification assessment being performed by a C3PAO.

The end deliverable to you is a clear set of corrective actions to take before your CMMC assessment.


About Corserva

Corserva has been in business for over 30 years and offers a large IT and consulting services portfolio. Our team strongly focuses on NIST 800-171 assessments and CMMC readiness services.


Adam Keely

Adam is a security analyst and CMMC-AB Registered Practitioner (RP). He is a member of Corserva’s assessment and compliance team, guiding companies in meeting business objectives with NIST 800-171 and CMMC. Adam spent 5 years in the United States Marine Corps as a Communications Electronics Technician before entering the corporate world, where he has worked in web development and cybersecurity.