Are you in the Defense Industrial Base (DIB) and worried about the Cybersecurity Maturity Model Certification (CMMC)?
Right now, there is a lot of upheaval in the industry, with a lot of people pushing doom and gloom who are frankly interested in selling audit services. Answers will take shape over the next few months for questions such as “When will it actually be a requirement for my specific organization?”, “How will this affect my specific contracts?”, and “What CMMC Compliance level will be required?”
So, what do we at Dito recommend you do now for CMMC?
In short, begin the following three key planning and foundational steps for your CMMC Compliance:
1st, use Google Workspace. Google’s cybersecurity underpinnings are unparalleled and a great solution for NIST-based programs like CMMC. By using Google Enterprise Plus Workspace with Dito’s NIST Security Assessment, customers who need a foundation for cybersecurity programs including CMMC, FedRAMP & DoD will be very well positioned for CMMC Compliance.
2nd, start working on your NIST SP 800-171 program. If you need to, start working with experts like Dito to create your gap analysis. By knowing your gaps, you can start planning milestones for your compliance.
3rd, you probably don’t know what level of CMMC Compliance will be required for your organization, but you can start looking at this with a few steps:
- If you are bidding on new RFPs within the DIB, pay special attention to any CMMC requirements and ask for information during the Q&A periods about how CMMC will be implemented.
- If you are delivering on any existing contracts within the DIB, these steps may help you get a handle on your CMMC Compliance requirements:
  - If you are a prime, start talking to your COR about what CMMC level will be required and when they expect to add it to your contract. You will likely find this will be addressed in an option year, so that may help you identify your level and the timeline for CMMC Compliance.
  - If you are a subcontractor, CMMC includes “roll-down” requirements where subs need to be CMMC Compliant, possibly at the same level as the prime. Start discussing CMMC requirements and timelines with the prime on your contract.
Here are two official CMMC resources you’ll want to bookmark as well
In the meantime, at Dito we love talking about compliance and helping people move their cyber needles in the right direction. Have a question? Send an email to AskKAM@ditoweb.com or request a consultation.
Stay tuned for Part 2 on “How to Accelerate CMMC Compliance with Google Workspace CMMC & Dito.” In the meantime, check out this recent post, “Navigating CMMC Level 2: A Guide for Defense Contractors.”