
CMMC Self Assessment - SPRS
One of the changes introduced by CMMC 2.0 allows some organizations to attain Level 1 through a self-assessment. This applies to organizations working with FCI alone or managing CUI that is not important to national security.
SteelToad can help guide and support organizations pursuing a self-assessment to obtain CMMC Level 1. The process requires a review of the organization’s infrastructure against only 17 practices within CMMC 2.0. The self-assessment for CMMC 2.0 Maturity Level 1 must be completed annually, and the results must be documented and posted on the SPRS website. To maintain the process’s integrity, senior management must sign off on the self-assessment.
SteelToad can help lead your organization through a self-assessment to:
Define terms and CMMC practices.
Define the CMMC assessment methodology.
Describe and define “Objects”, “Criteria”, “Processes”, and “Findings”.
Provide detailed information on self-assessment guidance and requirements.
Describe how self-assessment relates to the CMMC 2.0 practices.
Define how a CMMC 2.0 model assessment focuses on data, not the size or structure of an organization.
Define the scope of the self-assessment and provide additional resources for the organization.
A self-assessment for CMMC Level 1 must encompass the following six domains and their 17 practices:
The domains include:
Access Control
Identification and Authentication
Media Protection
Physical Protection
System and Communication Protection
System and Information Integrity
