Many SMBs that participate in DoD contracts—especially those that handle Controlled Unclassified Information (CUI)—have significant work ahead of them to prepare for a CMMC compliance audit. But with so many interrelated controls to consider, it can be hard to know where to even begin.
To share key insights, patterns and best practices from our work helping clients get CMMC Level 3 audit-ready, we debriefed John Verry, Pivot Point Security’s CISO and Managing Partner, on the six most significant challenges most SMBs will face on the path to CMMC Level 3 compliance.
The good news? Many DoD suppliers that have at least a moderately robust security practice today are probably doing most things right and may just need to focus and tune their program. The not-so-good news? Defense Industrial Base (DIB) companies that have less robust cybersecurity programs today will find these six hurdles harder to clear. Creating plans, policies and documentation will likely be a significant part of the effort for many SMBs.
Issues John discusses include:
- The six areas of CMMC Level 3 where SMBs seem to be struggling the most
- Best practices for assessing and addressing the controls holistically
- Ways to balance cost and effort
- Successful strategies for introducing new controls to end users
- “Reading the tea leaves” on requirements for managing supply chain risk
If you have questions about what it will take for your business to get ready for CMMC, or if you just need to achieve “basic cyber hygiene” to build trust with customers and other stakeholders, this show will help you steer your course and increase your confidence.
To listen to this episode at any time, along with any of the prior episodes in The Virtual CISO Podcast series, visit this page.
About Pivot Point Security
Since 2001, Pivot Point Security has been helping organizations understand and effectively manage their information security risk. We work as a logical extension of your team to simplify the complexities of security and compliance. We’re where to turn—when InfoSec gets challenging.