CMMC IS COMING. Are you getting ready?
principia/RAID is excited to be listed as under review by the CMMC-AB as we seek certification as a C3PAO (Certified Third-Party Assessor Organization). We look forward to working with the folk at the CMMC-AB as the review progresses.
Once the CMMC certification process is tested and live, companies wanting to do business with the US Government will need to be CMMC certified. The days of self-certifying to the DFARS standards and coasting along with a POAM (plan of action and milestones) will be a thing of the past. Companies will need to satisfy a new compliance scheme (with some additional controls in some cases!) coupled with actual third-party audits in order to do business with the USG.
So what does a new compliance scheme on the horizon mean to a business that wants to work with the US Government? It means you have an opportunity to prepare! Although there are not yet certified assessors for CMMC, the control schemes are already available. This means that you can start working now so that your company is prepared for the first wave of certified assessors. If you’re already 800-171 compliant, you’re a good way down the road. You likely do still have some work to do, though. If you were a little lenient on yourself during your DFARS self-assessments, or you’re a new supplier to the USG, it’s time to roll up your sleeves. The good news is that qualified help is available now. An assessment of your cybersecurity plan, a strategic get-well plan to address any gaps, and some assistance getting started on the implementation efforts can prepare you to face the looming certification process, and engaging with an approved C3PAO (acronyms!!) can only help.
As anyone who has fought to bring a company’s IT and cybersecurity programs into compliance with a control scheme can tell you, START NOW! It is not an overnight process. Some controls, such as awareness training, must by their very nature be institutionalized and already in flight before they can be satisfied. That can take a while to get up and running. Not to mention the implementation of purely technical controls, which can be a lengthy and challenging process, to say the least.
principia/RAID can help you start preparing your CMMC controls or simply provide some additional assurance and comfort that what you’ve already done is fit for purpose. If you are unsure what you need to do, or just need help getting started, call us and let’s talk about your options.