Once you know the Maturity Level certification you will be pursuing, the next step is to evaluate your cybersecurity program against the CMMC Model. DoD’s estimates are that over sixty percent (60%) of their contractors will not handle CUI, and therefore will only need to be certified at Maturity Level 1. We created the initial version of our CMMC Gap Assessment Tool with them in mind. The tool helps you analyze your existing cybersecurity program, identify areas that may need attention, and create a plan of action for addressing those areas. The Gap Assessment Tool also helps you collect and catalog Objective Evidence needed during an assessment.
We recently updated the Gap Assessment Tool to address Maturity Levels 2 and 3 as well! You can download a copy of our Microsoft Excel-based tool below.