At DataSoftNow, we are frequently approached to conduct CMMC 2.0 Level Certification assessments, often through the Joint Surveillance Voluntary Assessment (JSVA) program. In these initial discussions, everything usually appears to be in order. I always take a moment to commend the team for their hard work in preparing for CMMC certification—it’s a long and challenging process.
During one of my early meetings, I made a casual comment: "I can't imagine how challenging it must have been to get everyone used to not accessing any URL because the IT team blocked all outbound traffic, allowing exceptions only." The CEO and the IT lead exchanged concerned looks. This reaction made me suspect there might be an issue.
To probe further, I mentioned the Shared Responsibility Matrix they had to compile, especially with over five external service providers and cloud service providers involved. When I was met with silence, I realized we had a problem. I then informed them that I could no longer perform their CMMC certification assessment but could assist as a consultant to help them get prepared for it. They were understandably frustrated, having recently invested a significant amount of money in a cybersecurity company to reach this point.
We agreed to perform a Gap Assessment, and unfortunately, the results were not favorable.
It’s important to clarify that I am not suggesting that MSPs or cybersecurity companies lack the expertise to implement CMMC 2.0 objectives. On the contrary, they are often highly skilled—sometimes more so than myself. However, achieving CMMC 2.0 Level 2 certification with its 320 objectives is an enormous undertaking. It demands meticulous attention to detail in both information technology systems and cybersecurity controls. It’s all about the details.
Yes, DataSoftNow is a C3PAO capable of performing your certification assessments, but we can also serve as your consultant and external service provider. If we assist you in preparing for certification, we will help you find another C3PAO to conduct your assessment. Our ultimate goal is to ensure you reach the finish line successfully.
DataSoftNow has achieved a "MET" score for CMMC 2.0 Level 2 requirements, and we are committed to helping your organization do the same.