CMMC Assessment Solution
Cyber Maturity Model Certification (CMMC)
All Defense Industrial Base (DIB) vendors must meet Cybersecurity Mandatory Maturity Certification (CMMC) Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) requirements or forgo qualification for DoD contract awards. This reality is coming soon. How are you preparing to achieve your CMMC Third-Party Assessor Organization (C3PAO) certification?
Our interactive CMMC Self-Assessment Console can be your pathway to certification.
With our CMMC Self-Assessment Console, we ensure a comprehensive identification of gaps in your cybersecurity readiness to best prepare you for an independent C3PAO certification. Our solution aligns with all available CMMC program regulatory standards.
This solution is cybersecurity complexity made simple; it allows you to quickly and accurately navigate the 17 cyber domains, 171 practices, and three process objectives. The automatic infusion of the most up-to-date and accurate CMMC compliance data drives the interactive self-assessment process. The dynamic GUICE2 Data Landscape (DL) powers this process on your journey to the desired maturity level.
- 1-2-3 step process to CMMC CUI readiness and certification success
- 24/7 graphical dashboard view of assessment progress
- Downloadable reports on gaps and mitigation plan of action
- Confidence in achieving your C3PAO certification
AATD will deliver an assessment capability, CMMC Console, powered by a GUICE2 CMMC Data Landscape with comprehensive CMMC program requirements from related authoritative source documents. The CMMC solution is fully integrated and consists of three components.
GUICE2 CMMC Data Landscape (DL).
The DL is the heart of the CMMC Solution. It contains related laws, regulations, and other guidance documents that collectively define the CMMC program’s requirements.
- The DL is dynamic and updated continuously, 24/7, as the CMMC program changes and evolves.
- Accurate requirements from the DL drive the CMMC Console cyber readiness assessment process.
- Alerts are generated when changes in the DL impact CMMC maturity level and assessment status.
The GV is a web-based application that provides visibility into the DL.
- GV provides detailed CMMC insights, both tabular and graphical, of relationships between the firm’s policies and authoritative regulatory source documents in the DL.
- When used in conjunction with the Console, the GV reduces the time and effort required to complete the assessments. This ready access to relevant supplemental information also dramatically enhances the depth and accuracy of the final self-assessment.
CMMC Console (CC).
The CC is a Web-based application driven by the CMMC requirements, business rules, and best practices contained within the DL.
- The CC and DL integrate seamlessly, and the CC pulls in an up-to-date set of CMMC requirements each time it’s refreshed.
- CC assessment processes are directly linked back to the authoritative source documents in the DL.
- Interactive questionnaires and practice-specific checklists guide users through performing an assessment.
- The CC provides assessment reports and an auditable solution to prove CMMC compliance.
Benefits to Users:
On-boarding and conducting the self-assessment is an easy 1-2-3 step process.
The intuitive graphic dashboard reflects current assessment status by domain and maturity level for individual systems and the organization.
Automation of an interactive questionnaire and practice checklists guide the user through the assessment process. Users can collect and upload relevant data required for each practice or process while performing the assessment.
Cybersecurity personnel are automatically alerted to changes in the GUICE2 DL that impact compliance status. These alerts show which assessment requirements have changed, enabling users to determine corrective action quickly.
Post-Assessment Reports: The CMMC Self-Assessment Console automatically generates three downloadable documents reflecting the result of your assessment.
Security Assessment Report (SAR). The SAR documents assessment results in sufficient detail to guide appropriate actions by the organization. It also provides a disciplined and structured approach for documenting an in-house assessor’s findings and recommendations for correcting vulnerabilities in implementations of the security controls.
System Security Plan (SSP). An SSP reflects the assessment details, including specifics on each CMMC practice or process and how an organization plans to meet the requirements to address known and anticipated threats.
Plan of Action (POA). The POA report describes mitigation measures and action plans for implementing security policies that meet CMMC requirements.
Process Support Service
This service will align your new and existing cybersecurity policies, procedures, and plans with CMMC requirements and help identify gaps between them. Effective process development and sustainment within the 17 cyber domains is critical to your certification success. Our process support services make policy, procedure, and plan alignment to CMMC compliance data seamless.
Users can map their existing policies, procedures, and plans to the CMMC process templates and perform a gap analysis between current policies, procedures, plans, and CMMC process requirements.
We can integrate your policies and procedures with CMMC compliance data and provide timely notification when changes occur. Once notified, organizations can quickly mitigate the impact of the change and return to a compliant state. Our process templates simplify the development of CMMC-compliant policy and procedure