CMMC 2.0 (Cybersecurity Maturity Model Certification) and required NIST 800-171 self-assessments present a more complex challenge to U.S. Department of Defense contractors and suppliers handling sensitive information that has safeguarding requirements by law, otherwise known as Controlled Unclassified Information (CUI).
Certification Assistant enables suppliers to understand each control and the tools, processes, and policies needed to satisfy it, so that they can achieve full compliance with NIST 800-171 Rev 2 requirements. Moreover, because CMMC 2.0 Level 2 is built on NIST 800-171, Certification Assistant provides a bridge to prepare for CMMC 2.0 Levels 2 and 3 certification.
Benefits
Reduce the resource and operational burdens that accompany complex, dynamic regulatory requirements for cybersecurity. Certification Assistant helps by:
- Enabling cybersecurity evaluations through an intuitive, easy-to-use, and secure web interface
- Offering guidance and resources to assist throughout the evaluation process
- Providing a free 15-day subscription that addresses NIST 800-171, CMMC 2.0 Level 1, and upgrades to CMMC Standard for CMMC 2.0 Levels 2 and 3
Use Case
A mid-sized supplier has self-attested to NIST 800-171 compliance and is now attempting to comply with requirements to achieve CMMC 2.0 Level 2.
Challenge: Achieving NIST 800-171 compliance is a significant achievement in itself, and one made easier with Certification Assistant. As CMMC 2.0 becomes the new norm, DoD suppliers must deal with existing contracts requiring NIST 800-171 and new contracts requiring CMMC 2.0 certification. Suppliers will need assurance that existing efforts to maintain 800-171 documentation and compliance are not duplicated under the new CMMC 2.0 certification requirements.
Solution: With Certification Assistant, existing and ongoing efforts for NIST 800-171 controls are mapped to their corresponding CMMC controls. For example, Certification Assistant’s Access Control 3.1.1 is mapped to CMMC Level 1, Access Control 1.001. The supplier answers this control in Certification Assistant, and meets the criteria for both NIST 800-171 and CMMC. There’s no duplication of effort.