CMMC Rollout Status and NIST 800-171

Documentation regarding Cybersecurity Maturity Model Certification (CMMC) 1.0 was officially released on Friday January 31, 2020. At CyberConfirm, we’re reviewing and evaluating that release right now, to implement the changes into our compliance documentation software in the weeks ahead.

Here’s what to expect — and some suggestions on how you should proceed.

Currently, the best COA (course of action) for any DoD contractor or sub-contractor is to ensure immediate compliance with NIST 800-171 through our current CyberConfirm package by generating an SSP and POA&M.

The upcoming CMMC rollout will have about 30% more requirements than NIST 800-171, but with some overlap, reordering, and re-prioritization based on the new compliance scoring methodology from the Office of the Secretary of Defense (OSD).

We are already reviewing the v.1.0 CMMC docs, and you can too, if you’d like.

CyberConfirm’s CMMC version will match the software’s current true/false Q&A formatting. Expect the update to CyberConfirm’s software to be based on CMMC levels, with pre-written compliant answers for the user to select.

In other words, no time or effort will be wasted! Our CMMC version will re-use the work that a current customer puts in on the 800-171 version of CyberConfirm. The update will add all of the new question and answer choices necessary for the Level 1-5 of CMMC that apply.

We will also provide guidance documents on how to properly assess your CMMC level, and where (and how) to focus on compliance based on that new CMMC scoring.

In short, the best COA is to work toward compliance using CyberConfirm’s NIST 800-171 documentation software today. Then, in the months ahead, we’ll provide updates to the software to move toward CMMC. You can re-use the data from all previous documentation work, merging it into an expanded Q&A that will be tailored for your CMMC level and risk profile (based on analysis that we’ll provide).

At CyberConfirm, it is our mission to help you with NIST 800-171 compliance today and CMMC compliance in the future, with no wasted time or effort ever…

Get an email when the CMMC Edition is released!