CMMC Self-Assessment

Is Your Company Ready for CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense’s answer to the constant hacking of our Defense Industrial Base (DIB) supply chain by non-friendly countries. The value of CMMC comes from its framework, requirements and maturity levels, which are designed to reduce the risk of cyberattack when implemented.

Most DIB contractors/suppliers will start by becoming certified to CMMC Maturity Level 1 (ML-1) - Basic Cyber Hygiene. The first step is to do a CMMC ML-1 Self-Assessment, which has you assess against the technical requirements of NIST 800-171.

 

Start With the CMMC Self-Assessment

The assessment is a stand-alone required activity that will create a baseline for the state of your cybersecurity. Completing it will signal to the DoD that you’re aware of CMMC, allowing you to participate in DoD contracts.  

As the name suggests, this is an assessment you do on yourself. The issues many companies are running into are:

 

  • They don’t fully understand what they’re self-assessing against

  • Most are assessing in a general sense (company-wide)

  • Companies only need to assess against those items that touch Controlled Unclassified Information (CUI) and/or Federal Contract Information (FCI).

Working With ISOP on Your CMMC Self-Assessment 

The CMMC process is substantial, and not understanding how to complete your self-assessment can make things more complicated from the get-go. ISOP can work with you on your CMMC Level 1 self-assessment so you focus on only those items that need attention for CMMC compliance. We can also help with understanding the difference between the self-assessment and the Gap Analysis, which is the next step in the process.

 

ISOP Solutions is a Certified Third-Party Assessor Organization (C3PAO) Candidate.