A Roadmap to Leveraging Independent, Third-Party Risk and Security Expertise
TrustedSec’s Cybersecurity Maturity Model Certification (CMMC) Gap Assessment is designed to provide a view into the current state of the Controlled Unclassified Information (CUI) environment, identify areas for improvement, and provide a prioritized roadmap for achieving the required level of maturity for security controls and processes.
The CMMC was rolled out in January 2020 for any organization in the supply chain that seeks to do business with the Department of Defense (DoD). The CMMC will become a requirement for DoD contracts.
While much of the CMMC shares similarities with NIST 800-171, there are also many differences. According to the DoD:
The CMMC framework adds a certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provide increased assurance to the DoD that a Defense Industrial Base (DIB) contractor can adequately protect CUI at a level commensurate with the risk, accounting for information flow down to its subcontractors in a multi-tier supply chain.
A Gap Assessment is a critical factor in the development and maintenance of a comprehensive risk and compliance-focused Information Security program. TrustedSec reviews an organization’s control structure against the CMMC requirements and assists in the development of a strategy to become compliant or certified.
By performing a CMMC Gap Assessment, organizations are able to leverage independent, third-party risk and security expertise for strategic planning to expedite compliance efforts. TrustedSec provides a sound understanding of where your program is, where it should be, and specific recommendations for attaining compliance in alignment with strategic business objectives.
Because an organization must demonstrate both the requisite “institutionalization of processes” and the “implementation of practices” for a specific CMMC maturity level, TrustedSec also offers a review of remediation best practices to address these requirements.