1- Avoiding CMMC Certification Failures

August 14, 2024

Certified CCA

The Critical Role of a Certified CMMC Assessor (CCA)

 

Importance of a CMMC 2.0 Level Certification

At DataSoftNow, we are frequently approached to conduct CMMC 2.0 Level Certification assessments, often through the Joint Surveillance Voluntary Assessment (JSVA) program. In these initial discussions, everything usually appears to be in order. I always take a moment to commend the team for their hard work in preparing for CMMC certification—it’s a long and challenging process.


Challenges Faced Without a Certified CMMC Assessor (CCA)

During one of my early meetings, I made a casual comment: "I can't imagine how challenging it must have been to get everyone used to not accessing any URL because the IT team blocked all outbound traffic, allowing exceptions only." The CEO and the IT lead exchanged concerned looks. This reaction made me suspect there might be an issue.

 

Lack of a Shared Responsibility Matrix.

To probe further, I mentioned the Shared Responsibility Matrix they had to compile, especially with over five external service providers and cloud service providers involved. When I was met with silence, I realized we had a problem. I then informed them that I could no longer perform their CMMC certification assessment but could assist as a consultant to help them get prepared for it. They were understandably frustrated, having recently invested a significant amount of money in a cybersecurity company to reach this point.

 

We agreed to perform a Gap Assessment, and unfortunately, the results were not favorable.

 

CMMC Gap Assessment

The Role of a C3PAO in CMMC Certification

It’s important to clarify that I am not suggesting that MSPs or cybersecurity companies lack the expertise to implement CMMC 2.0 objectives. On the contrary, they are often highly skilled—sometimes more so than myself. However, achieving CMMC 2.0 Level 2 certification with its 320 objectives is an enormous undertaking. It demands meticulous attention to detail in both information technology systems and cybersecurity controls. It’s all about the details.

 

Preparing for CMMC Certification with DataSoftNow

Yes, DataSoftNow is a C3PAO capable of performing your certification assessments, but we can also serve as your consultant and external service provider. If we assist you in preparing for certification, we will help you find another C3PAO to conduct your assessment. Our ultimate goal is to ensure you reach the finish line successfully.

 

DataSoftNow has achieved a "MET" score for CMMC 2.0 Level 2 requirements, and we are committed to helping your organization do the same.

 

Department of Defense & CMMC

By Thomas Nohs