Cybersecurity Maturity Model Certification (CMMC) Assessment

Understand your current cybersecurity program to prepare for CMMC certification and identify opportunities for improvement.

What is the CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is a framework designed by the Department of Defense (DoD) to help protect controlled unclassified information within its supply chain. Developed by the DoD, federal stakeholders, and industry professionals, the CMMC provides the Defense Industrial Base sector with a clear set of cybersecurity standards and best practices to follow. Many DoD contractors will have to complete the CMMC prior to bidding on work in the coming months. Understanding the current state of your cybersecurity program and how it measures up against the CMMC framework is the critical first step in this process.

CMMC Domains

The CMMC maps controls and processes across five certification levels, ranging from “Basic Cybersecurity Hygiene” to “Advanced.” The CMMC encompasses 43 capabilities spread across 17 capability domains.

  • Access Control
  • Configuration Management
  • Personnel Security
  • Asset Management
  • Identification and Authentication
  • Physical Protection
  • Awareness and Training
  • Incident Response
  • Recovery
  • Audit and Accountability
  • Risk Management
  • Maintenance
  • Security Assessment
  • Situational Awareness
  • System and Information Integrity
  • System and Comms. Protection
  • Media Protection

Learn more about the CMMC capability domains and maturity levels on our blog.


CMMC Readiness Assessment

Focal Point’s CMMC readiness assessment is built on industry-recognized security frameworks, including the NIST SP 800-171, NIST SP 800-53, Aerospace Industries Association (AIA) National Aerospace Standard (NAS) 9933, and Computer Emergency Response Team (CERT) Resilience Management Model (RMM) v1.2.*

Project Planning

During Phase 1, the Focal Point team collaborates with you to establish the scope for this assessment, as well as communication methods and a cadence for status reporting. Following this initial step, we coordinate document and interview requests with your team.

  • Clear engagement scope
  • Established communication methods
  • Document and interview requests

Program Analysis

Our team holds both on-site and remote discovery sessions with key stakeholders and subject matter experts within your organization. Following this step, our team builds a current state gap analysis of your policies, procedures, and technologies against industry standards.

Our assessment spans the CMMC’s five maturity levels and 171 technical practices to help you identify your growth areas, address key issues, and advance your program.

  • Analysis of the current condition of your IT infrastructure, business processes, and utilized technologies
  • Identified process inefficiencies and areas for improvement
  • Understanding of the confidentiality, integrity, and availability of business systems

Remediation Strategy

During this phase, we deliver a mapping of your current program against the CMMC, which documents identified process inefficiencies and opportunities for improvement. These reports are accompanied by a roadmap for short-term and long-term cyber maturity.

In the final phase of this assessment, our team also communicates the findings of our analysis to your leadership team.

  • Preparations for the eventual CMMC certification process
  • Alignment between cybersecurity priorities and organizational objectives and policies
  • Improved decision-making around the level of risk associated with the current IT environment
  • More efficient resource allocation

Different from the Rest

At Focal Point, we take a different approach to managing cyber risk.

First in the Field

Since the CMMC was announced by the DoD, Focal Point has been researching its capability domains and process maturity models. Focal Point is one of the first to offer a comprehensive CMMC readiness assessment.*

Actionable Deliverables

Our cyber maturity assessment doesn't just point out your weaknesses and the urgent need for change. It provides clear, practical guidance for addressing key risks and improving your overall risk posture.

End-to-End Support

Focal Point provides you with end-to-end support. We have experts in IAM system implementation, cyber workforce training, and data privacy to help you improve all security domains.

* Please note that the CMMC and supporting compliance requirements have not been agreed upon nor published as final at this point in time. Focal Point can assist your organization with a gap analysis against the most current version of the CMMC requirements. Our assessments, and associated results, are not meant to serve as an attestation of compliance with the CMMC as the requirements for becoming a CMMC Third Party Assessment Organization (C3PAO) are not yet established.