Description

CMMC Level 1 Readiness Assessment Service

Does your organization need help to start the CMMC Level-1? This assessment supports the current Defense Federal Acquisition Regulation Supplement (DFARS) and the Cybersecurity Maturity Model Certification (Level 1)requirements.  This turn-key solution by Servadus evaluates and validates the organization’s alignment with portions of NIST SP 800-171.

There are various assessments. The recommendation is to have external assessment and validation.   Organizations have other options to have an internal team for assessments and validations.

Level 1 is a fundamental requirement for handling Federal Contract Information (FCI).  The assessment questions and tests are based on NIST SP 800-171 r2.  The results provide a status of Level 1 practices and potential risks for “Not Met” responses.

What to expect

The assessment includes testing for all the “Practices” designed by the CMMC AB for CMMC Level 1.   Based on the artifacts, observations, and interviews, the assessor will determine if the “Practice” is “Met” or “Not Met.”   Your organization will upload the artifacts to the online assessment and GRC platform.  Next, the assessor will interview keeping personnel to determine their knowledge of the policies and processes.  The Servadus team will upload the interview sheets for external assessments as part of the assessment evidence.  Lastly, the assessor will complete the assessment before the Servadus team prepares the main and executive reports.

The specific experience differs when the assessment and validation are internal or external.   See each assessment type for more details.

After the response submission, our cybersecurity professionals will prepare a CMMC Level 1 Self-assessment Status Report based on the information provided and the validation comments.  We contact your organization in three business days to present the findings and discuss the follow-on steps to achieve compliance.

Once the order is complete, the project manager (PM)  will reach out within two business days to schedule a kickoff meeting.  Once the assessment is complete, the professionals at Servadus will reach out in two business days to schedule a time to present the outcome.  Additionally, we discuss the next steps and explore options for gaps meeting Level 1 Practices.

We recommend reading The Assessment Experience Blog.

Background CMMC

The number of breaches and their cost continues to rise.  Due to the extensive security measures implemented by the U.S. Department of Defense (DOD), threat actors find it hard to infiltrate DOD systems. Threat actors found a way to access DOD networks by targeting DOD contractors. CMMC aims to protect the DOD by ensuring that contractors have the necessary measures to prevent threat actors from using this avenue to access the DOD systems. By working together, the defense against malicious attacks will be more robust.

Other Services

Servadus has Certified Registered Practicers on staff to support the CMMC cybersecurity and compliance journey.   Our CMMC page outlines services for Levels 1 and 2.

Be in the know about your CMMC Compliance with Our CMMC Level 1 Self-Assessment.