The Difference and Value of a CMMC Pre-Assessment and Gap Analysis


Earlier this year, the U.S. Department of Defense (DoD), along with many volunteers from the Cybersecurity Maturity Model Certification (CCMC) Accreditation Body, began building the CMMC ecosystem.

Cybersecurity Maturity Model CertificationCask developed two of their offerings geared towards CMMC to assist clients who may not understand the CMMC requirements. These efforts are being led by Stacy High-Brinkley, Senior Director of Compliance Solutions and Services and Certified Provisional Assessor #9. For those that feel they have a good security posture with NIST 800-171 compliance and are nearing ML3, the gap analysis provides an overview of where they are and where they need to be as it relates to the specific requirements of CMMC. A pre-assessment would benefit those that are currently not in compliance with NIST 800-171 or are not sure of the CMMC requirements. The value of both of these offerings is the fact that it reduces cost and time when it comes to the formal assessment while giving companies a better idea of their security posture and what they need to do to achieve the appropriate Maturity Level. Remember, CMMC is a Pass/Fail.

The CMMC includes five maturity levels that reflect the reliability of a company’s cybersecurity infrastructure to safeguard sensitive government information that a contractor stores, transmits or receives. The five levels are tiered and build upon each other’s technical requirements. Each level requires compliance with the lower-level requirements and the processes in place to implement specific cybersecurity-based practices.

Contact Us

Contact Cask for a CMMC pre-assessment or Gap Analysis. Cask is a government contracting firm based in Stafford, VA, delivering business and technology advisory and consulting services to help our customers achieve success. Founded in 2004, Cask saw the need to help clients use and unlock the value of technology in more efficient and cost effective ways. Cask consultants consider the bigger picture and determine how greater value can be created by aligning IT strategy with the overall mission strategy.


Related Posts