Pursuing CMMC Level 1 certification can be complicated if you do not have a clear understanding of the requirements and you try to tackle it on your own. Yes, you need to enter a Supplier Performance Risk System (SPRS) score, and having a negative score is not uncommon. What we are seeing is that companies just don’t understand all the things they must have and do to achieve compliance.
Although there are only 17 control objectives to meet for Level 1 compliance, having an executive simply sign a self-attestation letter is not enough. In fact, it can create a significant problem for your company if the Department of War (DoW) auditors come knocking.
To protect your company, you must be able to prove that you are complying with the 17 control objectives and have that evidence available.
At a high level, you must have:
- A documented system security plan (SSP)
- Defined policies that meet the control requirements for the stated objectives, not just the practice level
- Defined procedures for the control objectives
- A clearly defined scope with system boundaries
- The correct software/tools for scanning and protecting your systems
If any of the points above have you asking questions about your readiness, or if you feel you need assistance, there is good news. Our team of CMMC Certified Professionals and Assessors (CCPs and CCAs) is ready to guide you through the process and help you with all the requirements. We bring a GRC platform with us to centralize and track all the requirements, deliverables and evidence. For us, it is all about building a relationship to help you become successful in achieving your goals at your pace.
Want to know more? Contact our sales team to start the discussion around your path to successful CMMC Level 1 compliance.
