Learn More About CMMC and NIST Compliance
Check out some of our technology and DOD cybersecurity articles.
Contact us
About SSE
SSE is a certified Women-Owned Small Business with over 30 years of experience in both the technology and training industries, serving commercial and government markets.
When preparing for NIST 800-171 and Cybersecurity Maturity Model Certification (CMMC) Compliance, taking the guesswork out of your organization’s preparedness is a must and can prevent hefty penalties.
Below we’ll discuss what you can expect from SSE’s NIST 800-171 and CMMC Gap Assessment process and what you can do to prepare for your certification audit.
What is a Gap Assessment?
SSE’s NIST 800-171 and CMMC Level 2 Gap Assessment is a detailed evidence collection, assessment and analysis of a company’s existing environment and its readiness state for an audit or assessment submission.
The output is the identification and documentation of all gaps in the form of a complete Security Assessment Report (SAR) that includes the following deliverables:
With the completion of the Gap Assessment, SSE would be able to recommend potential and customized remediation solutions as needed to assist your organization in meeting compliance.
How long does a CMMC Gap Assessment take?
Several factors affect the time to perform a CMMC Gap Assessment, including your company environment, the number of active directory domains, locations, the availability of resources and input, and your current security posture.
However, it is typically a four-week engagement, requiring granular evidence collection and review of the following:
Why is NIST 800-171 and Gap Assessment important?
A NIST 800-171 and CMMC Gap Assessment is critical in the compliance process, helping you understand which security controls need adjusting or adopting to meet compliance requirements.
A Gap Assessment can uncover weak spots in your organization’s security practices, such as:
What to expect during a CMMC Gap Assessment?
During the Gap Assessment, which SSE can conduct onsite, remotely, or both, organizations should expect the following:
Examples include:
Examples include:
Examples include:
Next Steps After a NIST 800-171 and CMMC Gap Assessment
Following a Gap Assessment, you’ll know exactly where your organization stands on NIST 800-171 and CMMC compliance. Also, you’ll have the documentation needed to support a NIST 800-171 basic assessment score and submission to the DoD’s Supplier Performance Risk System (SPRS).
SSE can then assist with recommendations and solutions to assist with the remediation of gaps, or we can do it for you!
When You’re On the Road to Compliance, Let SSE Be Your Guide
No matter where you are on the road to compliance, SSE has the expertise to help your organization become compliant. SSE has been accredited by The CYBER AB (formerly the CMMC Accreditation Body) as a Registered Provider Organization (RPO). Our team is up to speed on the latest changes and upcoming CMMC implementation.
If you are still determining where you are in the process, contact our team for an initial consultation to discuss how our NIST 800-171 and CMMC Gap Assessment could help your 2023 planning.