Pathway to Achieving CMMC Compliance
What Is CMMC?
The Cybersecurity Maturity Model Certification (CMMC) 2.0 is the newest update to the Department of Defense (DoD) mandated security framework for organizations seeking to provide services to the agency. Once fully rolled out, all DoD-contracting organizations must be compliant with CMMC 2.0 standards, and those that are not may find themselves shut out of DoD business.
CMMC 2.0 was released in November 2021. The gist of the program is that an organization can get certified at one of three levels—from Level 1, Foundational, to Level 3, Expert. Each of the three levels has an increasing number of practices and processes that an organization must implement to be considered in compliance with that level.
Level 1 includes 17 essential practices designed to provide the foundation for a solid security program and allows organizations to perform annual self-assessments to attest to their implementation of the security practices.
Level 2 aligns with the 110 security practices of NIST 800-171. Organizations that store, process, and/or transmit critical national security information will be required to undergo triennial third-party assessments. Organizations that deal with less sensitive levels of Controlled Unclassified Information (CUI) will be allowed to do annual self-assessments.
Level 3 is reserved for those organizations that store, process, and/or transmit only the most sensitive national security information. This level implements the 110+ practices of NIST 800-172 and requires triennial, government-led assessments.
How Does My Organization Get CMMC 2.0 Certified?
The changes reflected in CMMC 2.0 will be implemented through the rule-making process. Companies will be required to comply once the forthcoming rules go into effect. While these rule-making efforts are ongoing, DoD intends to suspend the current CMMC 1.0 piloting efforts and will not approve inclusion of a CMMC 1.0 requirement in any DoD solicitation. The final certification process and details will be released in the near future.
TalaTek was recently cleared as a candidate C3PAO and will be approved to provide CMMC certification services once we undergo the proper training and certification ourselves. We are hoping to achieve these steps by mid-to-late 2022.
But just because there is currently no way to obtain a CMMC certification doesn’t mean your organization can’t start to prepare so you’ll be ready when it’s possible to apply for it.
Has the CMMC-AB approved certified training programs for becoming an Assessor?
Yes. Cerberus Sentinel, TalaTek’s parent company, is a certified CMMC-AB Licensed Training Provider (LTP). The CMMC-AB established an approved LTP network of Provisional Instructors (PIs) to deliver training to those who want to obtain Certified CMMC Professional and/or Certified CMMC Assessor certifications. The CMMC-AB considers only training provided by LTPs as valid for preparing for the CMMC-AB certifications. Our instructors are CMMC-AB certified PIs. They were required to go through a rigorous training process, followed by passing knowledge-based and performance-based examinations. This also included completing aggressive Provisional Assessor training to gain comprehensive knowledge about the CMMC Framework. For more information, please visit the CMMC Training page.
Using NIST SP 800-171 to Prepare for CMMC 2.0
The CMMC 2.0 program aligns its baselines with NIST SP 800-171. A Level 2 CMMC 2.0 certification includes all 110 requirements from NIST 800-171, verbatim.
If your organization decides to focus on obtaining a Level 2 CMMC 2.0 certification, having TalaTek perform a NIST 800-171 gap analysis is a great starting point to determine if you are meeting the required practices.
TalaTek’s NIST 800-171 advisory services can accelerate your organization on the pathway to success. We can help you implement NIST 800-171 requirements, create the necessary documentation, and set your organization up for CMMC 2.0 compliance.
TalaTek provides you with the skills and roadmap necessary to expedite 800-171/CMMC 2.0 compliance while saving you the hassle, effort, time, and attention of doing it yourself. We have more than 16 years of hands-on experience with multiple frameworks. By using our tried-and-tested project plans, templates, and scoping methodology strategies, your organization will obtain compliance on time and on budget—with no surprises.
Establishing your organization’s security boundary is a crucial early step that can help you prepare for the gap analysis process.
NIST SP 800-171 Gap Analysis
TalaTek’s NIST SP 800-171 gap analysis is an in-depth review of your organization’s capabilities and practices, designed to provide you with assurance that you are meeting those requirements. It can also help you determine if your organization is ready to obtain Cybersecurity Maturity Model Certification (CMMC) 2.0.
NIST SP 800-171 Advisory Services
TalaTek provides you with the skills and roadmap necessary to expedite your 800-171 compliance. We have more than 16 years of hands-on experience with multiple frameworks. By using our tried-and-tested project plans, templates, and scoping methodology strategies, your organization will obtain compliance on time and on budget—with no surprises.
NIST SP 800-171 Security Boundary
The Terrible Truth: It is shockingly easy to waste time and resources on security. That’s why properly scoping your security boundary is critical to ensuring that your organization expends time and resources implementing the right requirements on the appropriate components within a well-defined boundary, not more and not less.