Hartman Executive Advisors
6 Things You Need To Do To Prepare For CMMC 2.0

August 2, 2021 by The Hartman Team


Updated: 6/27/23

CMMC is an acronym that most companies that work for the U.S. Department of Defense have become familiar with. The Cybersecurity Maturity Model Certification, or CMMC for short, is a set of standards issued by the DoD to help defense contractors in the Defense Industrial Base (DIB) improve their cybersecurity capabilities. All contractors who want to work with the DoD will need to meet specific requirements.

Preparing For The CMMC 2.0 In 6 Steps

CMMC 2.0 encompasses several levels. The level that applies to you is based on the data created, processed, or stored in your environment. The focus is protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). To understand which level may apply to you, identify the type of information you handle and where it is handled within your environment. This establishes the scope of your compliance with CMMC 2.0.

1. Determine Your Organization’s Target Maturity Level

Despite common misconceptions, CMMC 2.0 is not entirely new. Instead, it contains security controls from other established cybersecurity standards, such as NIST SP 800-171 and NIST SP 800-53.
CMMC 2.0 is used to establish levels of cybersecurity maturity. There are three levels in total.

Self-assessment, third-party assessment organizations (3PAOs), and government-led assessments will be used for determining the maturity level of a business. The three maturity levels of CMMC include:

  • Level 1 – Basic Cyber Hygiene: 17 requirements, verified by self-assessment
  • Level 2 – Alignment with the 110 requirements of NIST SP 800-171
  • Level 3 – Requirements based on NIST SP 800-171 and NIST SP 800-172

2. Obtain or Verify Compliance with NIST SP 800-171

NIST SP 800-171 requires contractors to consistently document and update system security plans (SSPs), including information such as network diagrams, company policies, and the relationships between systems. It also mandates that contractors regularly assess the security controls within their organizational systems to determine whether those controls are effective as implemented.

While preparing for the CMMC 2.0, businesses should verify that they are compliant with NIST SP 800-171. Performing a gap analysis and readiness assessment can help businesses better understand if they meet the requirements for compliance. Readiness assessments help identify processes and systems that may not meet the standards.

Assessments look at a number of factors, such as whether IT staff are adequately trained, whether an incident response plan is in place, how security protocols are implemented and maintained, how data is stored, and how access to sensitive information is controlled.

3. Create a System Security Plan or Update Your Current One

A system security plan (SSP) refers to a document that must be continually updated when a business implements significant changes to its security processes or profile. To meet CUI and NIST SP 800-171 requirements, an SSP must include information about each system within a contractor’s environment that transmits or stores CUI. SSPs also reveal the flow of information between systems.

Preparing for the CMMC 2.0 requires a business to either create a system security plan or update their existing one. When developing or updating an SSP, it is important to ensure that it meets certification requirements.

4. Develop a Plan of Action & Milestones (POA&M)

The next step in preparing for the CMMC 2.0 involves building a plan of action and milestones (POA&M). A POA&M is designed to document the remediation project plan and can help identify resource requirements and timelines. Both the SSP and POA&M should prove that the business has the proper cyber practices in place to meet NIST SP 800-171 compliance. It should also address any potential gaps in coverage.

5. Implement the POA&M

Once a POA&M has been completed, it can then be implemented. Completing the POA&M helps ensure compliance with NIST 800-171 and will show essential information like activities necessary to resolve security issues, a timeline of project completion dates, allocation of resources, qualification of risk levels and insights into how security gaps were discovered.

6. Continue Maintaining Compliance

Maintaining cybersecurity compliance is an ongoing effort. As organizations prepare to be compliant with CMMC 2.0, they must continue to monitor their infrastructure to ensure compliance and detect potential security issues before they become too costly to handle. Ongoing monitoring can be challenging for businesses to handle on their own. That is why many companies choose to work with experienced business management consultants who specialize in delivering risk management and compliance services.

Speak With Hartman Executive Advisors For More Information

CMMC 2.0 was designed to serve as a verification tool to ensure that businesses meet the appropriate levels of cybersecurity processes and practices. Cyber threats continue to grow every day and these IT standards help keep businesses protected. To learn more about how to prepare for the CMMC or to speak with an experienced risk management consultant, reach out to the experts at Hartman Executive Advisors today.

© 2023 Hartman Executive Advisors · Powered by 321 Web Marketing · Website Privacy Policy & Terms of Use