CMMC Readiness

Understand your current cybersecurity program to prepare for CMMC certification and identify opportunities for improvement.

Cybersecurity Maturity Model Certification (CMMC) Assessment

What is the CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is a framework designed by the Department of Defense (DoD) to help protect controlled unclassified information within its supply chain. Developed by the DoD, federal stakeholders, and industry professionals, the CMMC provides the Defense Industrial Base sector with a clear set of cybersecurity standards and best practices to follow. Many DoD contractors will have to complete the CMMC prior to bidding on work in the coming months. Understanding the current state of your cybersecurity program and how it measures up against the CMMC framework is the critical first step in this process.

CMMC Domains

The CMMC maps controls and processes across five certification levels, ranging from “Basic Cybersecurity Hygiene” to “Advanced.” The CMMC encompasses 43 capabilities spread across 17 capability domains.

  • Access Control
  • Configuration Management
  • Personnel Security
  • Asset Management
  • Identification and Authentication
  • Physical Protection
  • Awareness and Training
  • Incident Response
  • Recovery
  • Audit and Accountability
  • Risk Management
  • Maintenance
  • Security Assessment
  • Situational Awareness
  • System and Information Integrity
  • System and Comms. Protection
  • Media Protection

CMMC Readiness Assessment

Focal Point’s CMMC readiness assessment is built on industry-recognized security frameworks, including the NIST SP 800-171, NIST SP 800-53, Aerospace Industries Association (AIA) National Aerospace Standard (NAS) 9933, and Computer Emergency Response Team (CERT) Resilience Management Model (RMM) v1.2.*

Project Planning

During Phase 1, the Focal Point team collaborates with you to establish the scope for this assessment, as well as communication methods and a cadence for status reporting. Following this initial step, we coordinate document and interview requests with your team.

  • Clear engagement scope
  • Established communication methods
  • Document and interview requests

Program Analysis

Our team holds both on-site and remote discovery sessions with key stakeholders and subject matter experts within your organization. Following this step, our team builds a current state gap analysis of your policies, procedures, and technologies against industry standards.

Our assessment spans the CMMC’s five maturity levels and 171 technical practices to help you identify your growth areas, address key issues, and advance your program.

  • Analysis of the current condition of your IT infrastructure, business processes, and utilized technologies
  • Identified process inefficiencies and areas for improvement
  • Understanding of the confidentiality, integrity, and availability of business systems

Remediation Strategy

During this phase, we deliver a mapping of your current program against the CMMC, which documents identified process inefficiencies and opportunities for improvement. These reports are accompanied by a roadmap for short-term and long-term cyber maturity.

In the final phase of this assessment, our team also communicates the findings of our analysis to your leadership team.

  • Preparations for the eventual CMMC certification process
  • Alignment between cybersecurity priorities and organizational objectives and policies
  • Improved decision-making around the level of risk associated with the current IT environment
  • More efficient resource allocation

Different from the Rest

At Focal Point, we take a different approach to managing cyber risk.

First in the Field

Since the CMMC was announced by the DoD, Focal Point has been researching its capability domains and process maturity models. Focal Point is one of the first to offer a comprehensive CMMC readiness assessment.*

Actionable Deliverables

Our cyber maturity assessment doesn't just point out your weaknesses and the urgent need for change. It provides clear, practical guidance for addressing key risks and improving your overall risk posture.

End-to-End Support

Focal Point provides you with end-to-end support. We have experts in IAM system implementation, cyber workforce training, and data privacy to help you improve all security domains.

* Please note that the CMMC and supporting compliance requirements have not been agreed upon nor published as final at this point in time. Focal Point can assist your organization with a gap analysis against the most current version of the CMMC requirements. Our assessments, and associated results, are not meant to serve as an attestation of compliance with the CMMC as the requirements for becoming a CMMC Third Party Assessment Organization (C3PAO) are not yet established.