CMMC 2.0 Checklist

The Department of Defense has mandated that contractors and subcontractors who handle Controlled Unclassified Information (CUI) achieve Cybersecurity Maturity Model Certification (CMMC). Preparing for and achieving CMMC can pose significant challenges, and many organizations find the process complex and intimidating. Our CMMC Checklist can help you start taking steps in the right direction!

Do you have a System Security Plan (SSP)?

The SSP is the document that describes all the security controls your organization has implemented.

You will want to have evidence and documentation/policies for each control that is implemented.

Have you established a Plan of Action & Milestones (POAM)?

The POAM is a working document listing the controls that still need to be completed. You can view this as your "to-do list" or "roadmap".

Have you created a Disaster Recovery Plan?

The DR plan is your documented set of procedures for how your organization will respond to unplanned events, such as IT or cyber incidents, natural disasters, and power outages.

Have you created an Incident Response Plan?

Your incident response plan is a document containing the tools and procedures that your security team can use to identify, eliminate, and recover from cybersecurity incidents.

Do you have policies & procedures around handling sensitive information?

You should have documentation covering all the CMMC controls. Part of this is defining how you store, transmit, and process CUI and Federal Contract Information (FCI).

Are you using Endpoint Detection and Response (EDR) software?

Basic anti-virus might have been good enough ten years ago, but proper EDR software will better protect your organization and help you satisfy more controls.

Are you utilizing Multi-Factor Authentication (MFA) for all remote connections (VPN) and privileged accounts (admins)?

This is a requirement of NIST 800-171 and CMMC, but it is also good practice within any business. Most cyber liability insurers are starting to require these practices.

Have you assessed your organization for vulnerabilities?

Determine when (if ever) you last performed a vulnerability assessment of your organization. Then put together a plan to remediate the vulnerabilities found, and document both the findings and the remediation.

Are patches and updates performed regularly and audited to confirm status?

Are you applying patches and updates manually, or are you using RMM (remote monitoring and management) software to perform these tasks? There are many ways to automate patching and make the auditing process more manageable.

Are you actively reviewing event logs, or have you deployed a SIEM?

Do you have a syslog server set up to collect all event logs? If so, who is responsible for reviewing them and checking for anomalies? Another way to accomplish this is a SIEM backed by a third-party SOC (security operations center). Some SIEM tools use artificial intelligence to correlate the logs, which are stored safely in a central repository, and raise an alert whenever something anomalous appears so that a security engineer can look into the logs for you.
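As an added illustration of the log review this item describes (not code from the original checklist or from any SIEM product), the following Python script applies one simple correlation rule to constructed sshd syslog lines: several failed logins for a user from one source followed by a successful login raises an alert for a security engineer to review. The hostnames, usernames and addresses are made up.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (hypothetical hosts, users and
# documentation-range addresses), standing in for a central syslog feed.
SAMPLE_LOGS = """\
Mar 10 02:14:01 vpn-gw sshd[1023]: Failed password for admin from 203.0.113.45 port 51022 ssh2
Mar 10 02:14:05 vpn-gw sshd[1023]: Failed password for admin from 203.0.113.45 port 51023 ssh2
Mar 10 02:14:09 vpn-gw sshd[1023]: Failed password for admin from 203.0.113.45 port 51024 ssh2
Mar 10 02:14:12 vpn-gw sshd[1023]: Failed password for admin from 203.0.113.45 port 51025 ssh2
Mar 10 02:14:20 vpn-gw sshd[1023]: Accepted password for admin from 203.0.113.45 port 51026 ssh2
Mar 10 09:30:00 fileserver sshd[2201]: Accepted publickey for jdoe from 192.0.2.10 port 40000 ssh2
Mar 10 09:31:15 fileserver sshd[2203]: Failed password for jdoe from 192.0.2.10 port 40001 ssh2
Mar 10 09:31:20 fileserver sshd[2203]: Accepted password for jdoe from 192.0.2.10 port 40002 ssh2
"""

# Matches the OpenSSH "Failed/Accepted <method> for <user> from <source>" events.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)"
)

FAIL_THRESHOLD = 3  # failures in a row before a following success is suspicious


def review_logs(text, threshold=FAIL_THRESHOLD):
    """Apply one correlation rule to syslog text: if a (host, user, source)
    triple logs `threshold` or more consecutive failed logins and then a
    successful one, return an alert for a security engineer to review."""
    failures = defaultdict(int)
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd auth event; other log sources need their own parser
        key = (m["host"], m["user"], m["src"])
        if m["result"] == "Failed":
            failures[key] += 1
            continue
        # Successful login: check what preceded it, then reset the counter.
        if failures[key] >= threshold:
            alerts.append(
                f"{m['ts']} {m['host']}: {failures[key]} failed logins for "
                f"'{m['user']}' from {m['src']} followed by a success; review this session"
            )
        failures[key] = 0
    return alerts


if __name__ == "__main__":
    for alert in review_logs(SAMPLE_LOGS):
        print("ALERT:", alert)
```

Run as-is it prints one alert, for the admin account on vpn-gw; the single failed attempt by jdoe stays below the threshold and is not reported.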
