Our Proven CMMC Process
Discovery
Identify key data, business processes, and technology. CMMC is about protecting data! Understanding which data to protect and how it flows in, is stored, is used, and flows out is critical to right-sizing your cybersecurity plan.
AXIOTROP will work with your team to:
- Develop a high-level data flow diagram.
- Implement a CMMC compliance platform (Future Feed) to provide CLIENT leadership with oversight and governance of all CMMC related activities in one place.
Cybersecurity Maturity Posture Assessment
Our CMMC SMEs will assess the Cybersecurity Maturity Posture of your organization.
The CMPA will be based on NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.”
AXIOTROP will work with your team to:
- Assess your organization on all NIST 171 controls and objectives.
- Develop an updated network map, a list of all technology tools and services, a list of application vulnerabilities, and a detailed data flow diagram.
- Create a detailed Plan of Action and Milestones (POA&M).
Define Projects
We create discrete projects from the POA&M, linking each item to one or more projects so you can see what work must be accomplished to achieve CMMC compliance.
AXIOTROP will work with your team to:
- Create a project portfolio detailing project objectives, potential technology solutions, estimated labor time and costs, and all impacted CMMC controls.
- Create a prioritized technology implementation plan and a high-level overview (roadmap) to CMMC Level 2 certification.
Remediations
We guide you through the prioritized technology implementation plan. Our scalable remediation approach allows you to move forward at a rate of expense and time commitment that matches your needs.
AXIOTROP will work with your team to:
- Develop a training plan to increase CMMC awareness.
- Select the technology solutions for each project through a vendor-agnostic analysis.
- Implement technology upgrades and security controls in accordance with the project plans.
- Document your system security plan (SSP), including policies, plans, procedures, and lists.
Validation
Prepare for the upcoming CMMC third-party assessment. Our compliance software (Future Feed) tracks your requirements, documented SSP, and objective compliance evidence to put your assessor at ease right from the start.
AXIOTROP will work with your team to:
- Collect and store evidence of cybersecurity maturity in Future Feed to demonstrate CMMC compliance.
- Select a C3PAO through a vendor-agnostic analysis.
- Complete the C3PAO assessment process, working side by side with your team to meet the assessors’ requirements as efficiently as possible to reduce time and cost to your organization.
Risk Management
CMMC compliance is a journey, not a destination. As the organization grows and its business processes and technologies change, items will be uncovered that need to be added to the POA&M to close gaps. The Risk Management process assures continuous improvement and CMMC compliance.
AXIOTROP will work with your team to:
- Schedule and hold Risk Management meetings to identify and document continuous improvement efforts. These meetings also provide evidence of compliance work and process maturity.
- Test the Incident Response Plan.
- Create a commitment matrix with daily, weekly, and monthly cadences.