Determine and Document Controlled Unclassified Information (CUI) Locations
5
Identify and Prioritize CMMC Gaps
6
Approval: CMMC Gap Analysis
7
Develop CMMC Remediation Roadmap
8
Implement Required CMMC Security Controls
9
Conduct Internal Validation Audit
10
Approval: Validation Audit Report
11
Execute Continuous Monitoring Program
12
Report on Continuous Monitoring Findings
13
Approval: Monitoring Report
14
Correct Identified Deficiencies
15
Perform Regular CMMC Training
16
Approval: Training Plan
17
Schedule and Prepare for CMMC Certification Audit
18
Conduct CMMC Certification Audit
19
Approval: Certification Audit Findings
20
Submit Required Documentation to CMMC Accreditation Body
Identify and Document CMMC Level Required
This task involves identifying and documenting the specific CMMC level that is required for your organization. Understanding the level required is important as it sets the baseline for the security controls that need to be implemented. The impact of this task on the overall process is significant, as it determines the scope and depth of the compliance efforts. The desired result is a clear and documented understanding of the CMMC level required for your organization. To complete this task, you will need to review contractual requirements, engage with stakeholders, and consult CMMC guidance documents.
1
Level 1
2
Level 2
3
Level 3
4
Level 4
5
Level 5
Perform Initial CMMC Self-Assessment
In this task, you will perform an initial self-assessment to evaluate your organization's current compliance with the CMMC requirements. The self-assessment will help identify any gaps or areas that need improvement. The impact of this task on the overall process is crucial, as it provides a baseline for further actions. The desired results are a clear understanding of your organization's current compliance status and a list of areas that require attention. To complete this task, you will need to utilize the CMMC self-assessment questionnaire and engage relevant stakeholders.
Document Infrastructure and Network Information
This task involves documenting the infrastructure and network information of your organization. It is important to have a clear understanding of your organization's network architecture and assets to ensure proper implementation of security controls. The impact of this task on the overall process is significant, as it provides a foundation for subsequent tasks. The desired result is a comprehensive documentation of infrastructure and network information. To complete this task, you will need to gather network diagrams, asset inventories, and relevant documentation.
Determine and Document Controlled Unclassified Information (CUI) Locations
In this task, you will determine and document the locations where Controlled Unclassified Information (CUI) is stored, processed, or transmitted within your organization. Identifying the specific locations of CUI is crucial for implementing appropriate security controls. The impact of this task on the overall process is significant, as it helps ensure the protection of sensitive information. The desired result is a documented list of CUI locations. To complete this task, you will need to review data inventories, conduct interviews, and consult relevant stakeholders.
Identify and Prioritize CMMC Gaps
In this task, you will identify and prioritize the gaps in your organization's compliance with CMMC requirements. Identifying the gaps is essential for developing an effective remediation plan. The impact of this task on the overall process is crucial, as it provides insights into the areas that require immediate attention. The desired result is a prioritized list of CMMC gaps. To complete this task, you will need to review the findings from the self-assessment, consult relevant stakeholders, and analyze the compliance requirements.
1
Access control
2
Incident response
3
Encryption
4
Physical security
5
Network security
Approval: CMMC Gap Analysis
Will be submitted for approval:
Identify and Prioritize CMMC Gaps
Will be submitted
Develop CMMC Remediation Roadmap
This task involves developing a remediation roadmap to address the identified CMMC gaps. The roadmap will outline the actions, timelines, and resources required to achieve compliance. The impact of this task on the overall process is significant, as it sets the path for addressing the deficiencies. The desired result is a detailed and actionable remediation roadmap. To complete this task, you will need to prioritize the identified gaps, allocate resources, and develop a timeline.
Implement Required CMMC Security Controls
In this task, you will implement the required CMMC security controls based on the remediation roadmap. Implementing the security controls is crucial for achieving and maintaining compliance. The impact of this task on the overall process is substantial, as it directly addresses the identified gaps. The desired result is the successful implementation of the necessary security controls. To complete this task, you will need to allocate resources, configure systems, and train personnel on the security controls.
1
Access control
2
Incident response
3
Encryption
4
Physical security
5
Network security
Conduct Internal Validation Audit
This task involves conducting an internal validation audit to assess the effectiveness of the implemented security controls. The validation audit helps ensure that the controls are operating as intended and are compliant with CMMC requirements. The impact of this task on the overall process is crucial, as it validates the effectiveness of the implemented controls. The desired result is a comprehensive internal audit report. To complete this task, you will need to conduct system reviews, evaluate documentation, and perform testing.
Approval: Validation Audit Report
Will be submitted for approval:
Conduct Internal Validation Audit
Will be submitted
Execute Continuous Monitoring Program
In this task, you will execute a continuous monitoring program to ensure ongoing compliance with CMMC requirements. Continuous monitoring involves regularly assessing the effectiveness of security controls and identifying any deviations or new areas of concern. The impact of this task on the overall process is substantial, as it promotes ongoing compliance. The desired result is a well-executed continuous monitoring program. To complete this task, you will need to define monitoring procedures, allocate resources, and establish reporting mechanisms.
Report on Continuous Monitoring Findings
This task involves reporting on the findings from the continuous monitoring program. Reporting provides visibility into the effectiveness of the implemented controls and helps identify areas that require further attention. The impact of this task on the overall process is significant, as it informs decision-making and drives improvements. The desired result is a comprehensive report on the continuous monitoring findings. To complete this task, you will need to analyze monitoring data, identify trends, and prepare a report.
Approval: Monitoring Report
Will be submitted for approval:
Report on Continuous Monitoring Findings
Will be submitted
Correct Identified Deficiencies
In this task, you will address the identified deficiencies and take corrective actions to ensure ongoing compliance. Correcting deficiencies is essential for maintaining the integrity of the CMMC implementation. The impact of this task on the overall process is crucial, as it ensures the effectiveness of the controls. The desired result is the resolution of all identified deficiencies. To complete this task, you will need to prioritize the deficiencies, allocate resources, and implement corrective actions.
1
Access control
2
Incident response
3
Encryption
4
Physical security
5
Network security
Perform Regular CMMC Training
This task involves performing regular CMMC training to ensure personnel are aware of their compliance responsibilities and have the necessary knowledge to fulfill them. Regular training is essential for maintaining a culture of compliance within the organization. The impact of this task on the overall process is considerable, as it reinforces compliance awareness. The desired result is a well-trained workforce. To complete this task, you will need to develop training materials, conduct training sessions, and track attendance.
Approval: Training Plan
Will be submitted for approval:
Perform Regular CMMC Training
Will be submitted
Schedule and Prepare for CMMC Certification Audit
In this task, you will schedule and prepare for a CMMC certification audit to validate your organization's compliance with the required level. The certification audit is conducted by an accredited CMMC assessor. The impact of this task on the overall process is significant, as it represents a formal assessment of compliance. The desired result is a scheduled certification audit and all necessary preparations in place. To complete this task, you will need to coordinate with the CMMC accreditation body, prepare documentation, and conduct internal assessments.
Conduct CMMC Certification Audit
This task involves conducting the CMMC certification audit to validate your organization's compliance with the required level. The certification audit is carried out by an accredited CMMC assessor who will assess the implementation and effectiveness of the security controls. The impact of this task on the overall process is substantial, as it confirms compliance and enables your organization to bid on contracts requiring the specific CMMC level. The desired result is a successful certification audit outcome. To complete this task, you will need to facilitate the external assessment, provide access to documentation and systems, and address auditor queries.
Approval: Certification Audit Findings
Will be submitted for approval:
Conduct CMMC Certification Audit
Will be submitted
Submit Required Documentation to CMMC Accreditation Body
In this task, you will submit the required documentation to the CMMC Accreditation Body for certification and accreditation purposes. Submitting the documentation is necessary to obtain the official certification and accreditation status. The impact of this task on the overall process is crucial, as it completes the certification process. The desired result is the successful submission of all required documentation. To complete this task, you will need to collate the necessary documents, review for completeness, and follow the submission guidelines provided by the accreditation body.