Documentation regarding Cybersecurity Maturity Model Certification (CMMC) 1.0 was officially released on Friday, January 31, 2020. At CyberConfirm, we’re reviewing and evaluating that release right now so that we can incorporate the changes into our compliance documentation software in the weeks ahead.
Here’s what to expect — and some suggestions on how you should proceed.
Currently, the best COA (course of action) for any DoD contractor or sub-contractor is to ensure immediate compliance with NIST 800-171 through our current CyberConfirm package by generating an SSP (System Security Plan) and POA&M (Plan of Action and Milestones).
The upcoming CMMC rollout will have about 30% more requirements than NIST 800-171, but with some overlap, reordering, and re-prioritization based on the new compliance scoring methodology from the Office of the Secretary of Defense (OSD).
We are already reviewing the v.1.0 CMMC docs, and you can too, if you’d like.
The expectation is that CyberConfirm’s CMMC version will match the software’s current true/false Q&A formatting. Expect the update to CyberConfirm’s software to be based on CMMC levels, with pre-written compliant answers for the user to select.
We will also provide guidance documents on how to properly assess your CMMC level, and where (and how) to focus on compliance based on that new CMMC scoring.
In short, the best COA is to work toward compliance using CyberConfirm’s NIST 800-171 documentation software today. Then, in the months ahead, we’ll provide updates to the software to move toward CMMC. You can re-use the data from all previous documentation work, merging it into an expanded Q&A that will be tailored for your CMMC level and risk profile (based on analysis that we’ll provide).
At CyberConfirm, it is our mission to help you with NIST 800-171 compliance today and CMMC compliance in the future, with no wasted time or effort ever…