Cybersecurity Compliance (and CMMC)

  1. Learn about NIST 800-171 requirements (currently applicable to all levels of DoD contractors, including lower-tier subcontractors): https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
  2. Learn about Cybersecurity Maturity Model Certification (CMMC):
  3. Follow the CMMC AB (accreditation body) for news: https://cmmcab.org/
  4. TO BE COMPLIANT:
    • Contact your local APEX Accelerator counselor to make sure you understand how it applies to you and the process. Virginia clients email apex@gmu.edu if you don’t know your counselor.
    • Create a System Security Plan (SSP) – template available on link #1 above from NIST
    • If applicable, create a Plan of Action and Milestones (POAM) – template available on link #1 above from NIST (look under Documentation)
    • Perform your Basic (self) Assessment against NIST 800-171 – instructions and documents available on link #1 above from NIST (look under Documentation)
    • Perform your self-assessment for CMMC: https://www.projectspectrum.io/#/cyber-readiness-check
    • Publish your results from the NIST 800-171 Basic (self) Assessment into the Supplier Performance Risk Management System (SPRS): https://www.sprs.csd.disa.mil/ and review FAQ: https://www.sprs.csd.disa.mil/faqs.htm#nist
    • If applicable, locate an official Certified 3rd Party Assessment Organization (C3PAO) to perform a CMMC 2.0 level 2 assessment (get multiple quotes on the open market to see how much it will cost for the assessment): https://cmmcab.org/marketplace/
