Video Series: 6 Steps to CMMC Compliance
Welcome to PreVeil’s new video series, 6 Steps to CMMC Compliance. This series will provide defense contractors with a concise overview of the actions they need to take in order to get started on CMMC.
Led by PreVeil’s own compliance officer Noël Vestal, the series will help you answer questions such as: What’s the 1st Step (it’s not a self-assessment) and how do I save money throughout the process?
Video #1: What is the first step in my compliance journey?
The first step that any defense contractor should take in their compliance journey is to determine the level of CMMC their organization needs to meet.
This video explains where contractors should look for their CMMC level and what they will need to comply with for each level.
Video #2: How do I control my compliance costs?
The second step that any defense contractor should take in their compliance journey is managing the scope of their compliance environment and limiting where CUI resides.
This video explains the factors contractors should consider when determining their scope.
Video #3: How do I protect CUI?
The third step that defense contractors should take in their CMMC compliance journey is protecting their CUI. This is a key requirement of NIST 800-171 and is at the core of CMMC.
This video explains the technology and compliance factors contractors need to consider in choosing a platform to protect CUI.
Video #4: Documentation to protect CUI
The fourth step that defense contractors should take in their CMMC compliance journey is creating robust documentation that explains the policies and procedures the organization uses to protect CUI.
Documentation includes items such as a System Security Plan (SSP), Plan of Action and Milestones (POAMs), and the Customer Responsibility Matrix (CRM). The video also mentions the value of PreVeil’s pre-filled documentation in simplifying the compliance process.
Video #5: The Importance of a Self-Assessment
The fifth step that defense contractors should take in their CMMC compliance journey is ensuring they conduct a self-assessment against the NIST 800-171 requirements.
Self-assessment is not just a good idea, but a requirement stated in the FAR and DFAR.
Video #6: Will I need to hire a 3rd party to help me in my compliance journey?
The sixth step that defense contractors should take in their CMMC compliance journey is to consider whether they should hire a third-party partner such as a Registered Practitioner (RP), Registered Practitioner Organization (RPO), MSP, MSSP or a C3PAO to help them with their compliance.
Hiring a 3rd party can be a smart business decision, but it depends on your organization’s needs and budget.