Cyber Compliance & Beyond

22 - Preparing for CMMC the Right Way: A Q&A Deep Dive



In this Q&A-style episode, we revisit the CMMC landscape following the implementation of the rule and the finalization of the Title 48 procurement rule. We break down what's changed, how CMMC requirements are phased into contracts, and, most importantly, the types of CMMC services available to help you take your next best step.

We dive into boundary identification and definition, gap analysis/assessment, documentation support, readiness assessments, and formal Level 2 C3PAO assessments, along with key questions you should ask service providers to avoid confusion and unnecessary costs.

Whether you're just starting out or preparing for assessment, this episode is designed to help you navigate CMMC with confidence and clarity.

References

  • Episode 11 – CMMC Rollout Q&A
  • Phased Implementation of CMMC (each one year in length)
    • Phase 1: Level 1 and Level 2 self-assessments; possibility of Level 2 C3PAO
    • Phase 2: Level 2 C3PAO for initial contract award; possibility of Level 3 and Level 2 C3PAO for option year awards
    • Phase 3: Level 2 C3PAO for option year awards; Level 3
    • Phase 4: Level 3 and full implementation across all contracts
  • Key questions to ask CMMC service providers
    • Does the assessment allow me to still leverage you as a C3PAO?
    • Does the assessment mimic a full formal assessment, including all evidence collection? This is important, as some only include interviews and live demonstrations, but do not include formal evidence gathering.
    • Can I use evidence collected in one of these preparatory assessments during my formal assessment? Generally, the answer is yes, but a good rule of thumb is that the evidence shouldn't be more than 90 days old during a formal assessment.
    • Do you offer a scoped preparatory assessment? Alternatively, you may want to only cover the controls for which a POA&M is not allowed. Ask if these are a possibility. They'll save you money and time, and give you the peace of mind you're looking for.
  • Contact the Kratos CMMC team
  • Cape Endeavors

Cyber Compliance & Beyond, by Kratos