Get started on your CMMC requirements with 360IT PARTNERS
"*" indicates required fields
What is CMMC?
What will be required of DoD Subcontractors?
- Establish system access requirements
- Control internal system access
- Control remote system access
- Limit data access to authorized users and processes
- Identify and document assets
- Define audit requirements
- Perform auditing
- Identify and protect audit information
- Review and manage audit logs
- Conduct security awareness activities
- Conduct training
- Establish configuration baselines
- Perform configuration and change management
- Grant access to authenticated entities
- Plan incident response
- Detect and report events
- Develop and implement a response to a declared incident
- Perform post incident reviews
- Test incident response
- Manage maintenance
- Identify and mark media
- Protect and control media
- Sanitize media
- Protect media during transport
- Screen personnel
- Protect CUI during personnel actions
- Limit physical access
- Manage back-ups
- Identify and evaluate risk
- Manage risk
- Develop and manage a system security plan
- Define and manage controls
- Perform code reviews
- Implement threat monitoring
- Define security requirements for systems and communications
- Control communications at system boundaries
- Identify and manage information system flaws
- Identify malicious content
- Perform network and system monitoring
- Implement advanced email protections
DOD Contractors must obtain CMMC by May 2023
The 2020 CMMC Roadmap
Q1
January
- Establishment of Accreditation Body
- Completion and release of v1.0
Q2
May
- Establishment of Marketplace
June
- Initial RFIs (Request for Information)
Q3
July
- Potential CMMC update
- Initiation of CMMC 101 training for level 1–3
- Test audits
September
- Initiation of CMMC 101 training for level 4–5
Q4
October
- Initial RFPs (Request for Proposal)
How does one achieve CMMC Compliance?
Our Comprehensive Governance, Risk and Compliance solution (GRC Shield) includes Security Information & Event Management (SIEM), vulnerability scanning, server/laptop encryption, multifactor authentication (MFA), and security awareness training for employees to minimize both technical and human errors.
Your dedicated engineer and Project Manager will keep you updated about the progress through detailed, easy-to-understand calls, including a kick-off call, routine status update calls, and a final wrap-up call after a successful project completion.
The Proof is in the Process
When we learned of the impact DFARS Compliance, now CMMC, would have on our technology, we called on 360IT Partners for help! We drew on the strength of our partnership and they have been there guiding us every step of the way. With their leadership and experience, Kitco Fiber Optics was able to achieve and maintain Compliance. Their team of experts broke everything down into an easy to understand and phased approach that was simple for us to understand. Now that the final draft of CMMC has been released, we feel very confident that when we are called upon for our first audit, we will have our technology in order and plan on passing! We are very happy with our decision to work with 360IT Partners!
Brenda Nagle, FSO HR Representative, Kitco Fiber Optics