CMMC Level 1 External Assessment

Description

CmmcCMMC Level 1 External Assessment Service

Does your organization need help to start the CMMC and NIST SP 800-171 journey?  Our External CMMC Level 1 assessment is for those that want help with CMMC Level 1 Certification.  Our Professional Services team leads the effort testing the practices based on NIST SP 800-171.  Additionally, they validate the provided artifacts and complete the assessment.  The CMMC Level 1 Assessment helps identify potential weaknesses and non-conformities.   Level 1 is a fundamental requirement for handling Federal Contract Information (FCI).  The assessment questions and tests are based on NIST SP 800-171 r2.  The results provide a status of Level 1 practices and potential risks for “Not Met” responses.

What to expect

The assessment includes testing for all the “Practices” designed by the CMMC AB for CMMC Level 1.   Based on the artifacts, observations, and interviews, the assessor will determine if the “Practice” is “Met” or “Not Met.”   Your organization will upload the applicable artifacts to the online assessment and GRC platform.  Next, the assessor will interview keeping personnel to determine their knowledge of the policies and processes.  After completing the interviews, the Servadus team will upload the interview sheets as part of the assessment evidence.

Lastly, the assessor will complete the assessment, review all the artifacts and prepare the main and executive reports.

The assessment coordination is done by the Servadus Project Manager using our online project planner.  The project management tool has a mobile app to track organizational tasks easily.

After the response submission, our cybersecurity professionals will prepare a CMMC Level 1 Self-assessment Status Report based on the information provided and the validation comments.  We contact your organization in three business days to present the findings and discuss the follow-on steps to achieve compliance.

Once the order is complete, the project manager (PM)  will reach out within two business days to schedule a kickoff meeting.  Once the assessment is complete, the professionals at Servadus with reach out in two business days to schedule a time to present the outcome.  Additionally, we discuss the next steps and explore options for gaps meeting Level 1 Practices.

Background CMMC

The number of breaches and their cost continues to rise.  Due to the extensive security measures that the U.S. Department of Defense (DOD) implemented, threat actors, find it hard to infiltrate DOD systems. Threat actors found a way to access DOD networks by targeting DOD contractors. CMMC aims to protect the DOD by ensuring that contractors have the necessary measures to prevent threat actors from using this avenue to access the DOD systems. By working together, the defense against malicious attacks will be more robust.

Other Services

Servadus has Certified Registered Practicers on staff to support the CMMC cybersecurity and compliance journey.   Our CMMC page outlines services for Levels 1 and 2.

 

Be in the know about your CMMC Compliance with Our CMMC Level 1 Self-Assessment.