Below you can download a DFARS/NIST 800-171/CMMC Compliance Checklist that lists the core components necessary to meet cybersecurity requirements. The checklist includes the following:
- CONTROLLED UNCLASSIFIED INFORMATION DISCOVERY – You’ll need a baseline of risk to make decisions on implementing controls. In addition, you need to define your accreditation boundary and conduct an inventory of all systems and personnel with access to Controlled Unclassified Information (CUI) data.
- ADVISORY SERVICES – Consult with a Registered Provider Organization for gap analysis and remediation efforts.
- GAP ANALYSIS – Conduct a gap analysis using the NIST SP 800-171/CMMC control families to uncover deficiencies and develop a roadmap.
- BUDGET CONSIDERATIONS – An organization will incur additional costs for infrastructure enhancement, segmentation of the network, and deployment of new tools.
- REMEDIATION OF GAPS – Once your gap assessment is complete, your organization is ready to start closing gaps. While this seems straightforward, many of the requirements can be complex and costly to implement, especially on a large scale.
- 72 HOUR CYBER INCIDENT REPORTING OBLIGATIONS
- CMMC ASSESSMENT
- CONTINUOUS MONITORING – Conduct in-house compliance and operational tasks to maintain compliance.
A NIST 800-171/CMMC compliance project can be complex. Contact CKSS at firstname.lastname@example.org or 443-459-1589 to make sure you have everything in place and for support in developing a mature security program. This NIST 800-171/CMMC Compliance Checklist is composed of general information about NIST 800-171/CMMC and does not qualify as legal advice. Consult with your legal counsel and other stakeholders on the roadmap to NIST 800-171 compliance.