CMMC Compliance

The CMMC Interim Rule / NIST 800-171 Implementation

CMMC was created to ultimately inject more defense contractor accountability into the protection and privacy of sensitive government contract information. Full implementation into all new Defense Department contracts will take five years. But in the meantime, an Interim Rule kicked in on Nov. 30, 2020 with tough new requirements for all new and renewing contracts:

  • A self-assessment, reviewing implementation of 110 cybersecurity controls defined in NIST (SP) 800-171

  • A System Security Plan (SSP) that provides the details of the environment and implementation of the controls

  • A Plan of Action & Milestones (POA&M) that defines which controls are not addressed and specific time frames and plans for implementation

Most of the organizations that these requirements apply to are small and medium sized, without the internal IT resources to perform the assessment or prepare the documentation. We can guide you through the assessment process and automates the report generation.