The CMMC Interim Rule / NIST 800-171 Implementation
CMMC was created to ultimately inject more defense contractor accountability into the protection and privacy of sensitive government contract information. Full implementation into all-new Defense Department contracts will take five years. But in the meantime, an Interim Rule kicked in on Nov. 30, 2020, with tough new requirements for all new and renewing contracts.
A self-assessment, reviewing the implementation of 110 cybersecurity controls defined in NIST (SP) 800-171
A System Security Plan (SSP) that provides the details of the environment and implementation of the controls
A Plan of Action & Milestones (POA&M) that defines which controls are not addressed and specific timeframes and plans for implementation.
Contact us today, so that we can schedule a GAP Assessment to provide you with information on the level of effort required to achieve Maturity Level 1 (ML-1).