CMMC Compliance Checklist

The 17 domains of CMMC and how to be compliant.


CMMC (Cybersecurity Maturity Model Certification), mandated by the Department of Defense (DoD), replaces the previous self-assessment model under DFARS (the Defense Federal Acquisition Regulation Supplement), under which businesses contracted to the DoD were responsible for attesting to their own compliance with NIST SP 800-171. Where DFARS relied on self-attestation, CMMC requires contractors to be assessed and certified against the same body of requirements.

The CMMC model consists of 17 domains, each a key set of cybersecurity capabilities. Most of these domains originate from the security-related areas in Federal Information Processing Standards (FIPS) Publication 200 and the corresponding security requirement families in NIST SP 800-171. (The 17-domain model is CMMC version 1.0; CMMC 2.0 later consolidated the domains into the 14 requirement families of NIST SP 800-171, but the underlying practices listed below are largely unchanged.)

Use our CMMC Compliance Checklist to learn about each of the 17 CMMC domains and how a COUPLE of GURUS can help DoD manufacturers prepare for a CMMC audit and remain compliant.


CMMC Compliance Checklist

Access Control (AC)

How to Comply in a Nutshell

  • Establish system access requirements (who has access)
  • Control internal system access
  • Control remote system access
  • Limit data access to authorized users and processes

How a COUPLE of GURUS Helps

We will establish and maintain a directory domain structure that uniquely identifies users, enforces security and CUI-handling policies, and controls local and remote access. We handle the IT onboarding and offboarding of employees, granting and revoking access to your information and systems, whether on-premises or in the cloud.

Asset Management (AM)

How to Comply in a Nutshell

  • Locate, identify and document/log company assets
  • Manage asset inventory

How a COUPLE of GURUS Helps

Our automated tools continuously poll your internet-connected computers, servers and network devices. Hardware and software inventories are delivered on your schedule, and we also track warranty and license expirations.

Audit and Accountability (AU)

How to Comply in a Nutshell

  • Define audit requirements
  • Ensure that actions taken on your CUI can be traced to the individual user
  • Perform auditing
  • Identify and protect audit information
  • Review and manage audit logs

How a COUPLE of GURUS Helps

We will define your audit requirements, collect and audit the events, identify and protect your audit information, and review and manage your audit logs. Audited events are retained for as long as you are a managed client.
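Protecting audit information (the third bullet above) means that an attacker who reaches a system must not be able to quietly edit or delete its records. The hash-chained log below is an added example written for this page, not a COUPLE of GURUS tooling: each record commits to the SHA-256 of the previous one, and the log collector keeps the latest chain head out-of-band so that trimming the tail is caught too. The event fields, hostnames, user and paths are constructed for the illustration.

```python
"""Tamper-evident audit log: each record commits to the SHA-256 of the previous one,
so editing, deleting or reordering an earlier record breaks the chain. The head hash
is recorded out-of-band (by the log collector) so that truncating the tail is also caught."""
import hashlib
import hmac
import json
from typing import Dict, List, Optional

GENESIS = "0" * 64  # prev_hash of the very first record


def _digest(body: Dict[str, object], prev_hash: str) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the hash is independent of formatting.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


def append_entry(log: List[Dict[str, object]], ts: str, user: str,
                 action: str, target: str, outcome: str) -> Dict[str, object]:
    prev_hash = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "ts": ts, "user": user, "action": action,
            "target": target, "outcome": outcome}
    entry = dict(body, prev_hash=prev_hash, hash=_digest(body, prev_hash))
    log.append(entry)
    return entry


def verify_chain(log: List[Dict[str, object]]) -> Optional[int]:
    """Return None if every record links correctly, else the index of the first bad record."""
    expected_prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k not in ("prev_hash", "hash")}
        if entry["prev_hash"] != expected_prev or entry["seq"] != i:
            return i
        if not hmac.compare_digest(_digest(body, expected_prev), str(entry["hash"])):
            return i
        expected_prev = str(entry["hash"])
    return None


def head_matches(log: List[Dict[str, object]], recorded_head: str) -> bool:
    """Compare the log's last hash with the head the collector recorded out-of-band."""
    return bool(log) and hmac.compare_digest(str(log[-1]["hash"]), recorded_head)


def demo() -> Dict[str, object]:
    log: List[Dict[str, object]] = []
    # Constructed sample events; hostname, user and paths are made up for the example.
    append_entry(log, "2024-03-01T08:00:00Z", "jdoe", "logon", "fileserver01", "success")
    append_entry(log, "2024-03-01T08:05:12Z", "jdoe", "read", "//fileserver01/CUI/drawing.pdf", "success")
    append_entry(log, "2024-03-01T08:07:40Z", "jdoe", "copy", "E:/drawing.pdf", "denied")
    append_entry(log, "2024-03-01T08:10:00Z", "jdoe", "logoff", "fileserver01", "success")
    recorded_head = str(log[-1]["hash"])  # what the collector stores separately (assumed)

    # 1. The untouched log verifies cleanly.
    intact = verify_chain(log)
    # 2. An intruder rewrites the denied copy as a success: record 2 no longer matches its hash.
    edited = [dict(e) for e in log]
    edited[2]["outcome"] = "success"
    first_bad = verify_chain(edited)
    # 3. Deleting the last record leaves a valid-looking chain; only the recorded head exposes it.
    truncated = log[:-1]
    return {
        "intact": intact,                                            # None
        "first_bad": first_bad,                                      # 2
        "truncated_chain_ok": verify_chain(truncated) is None,       # True
        "truncated_head_ok": head_matches(truncated, recorded_head), # False
    }
```

The chain alone proves nothing about records removed from the end, which is why the third case records the head somewhere the monitored host cannot write (the SIEM or collector). Forwarding logs off-host promptly narrows the window in which an attacker can act before the head is captured.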

Awareness and Training (AT)

How to Comply in a Nutshell

  • Conduct security awareness activities
  • Conduct training for all users

How a COUPLE of GURUS Helps

We provide monthly phishing prevention training and regular employee security awareness activities.

Configuration Management (CM)

How to Comply in a Nutshell

  • Establish and maintain configuration baselines (hardware, software, firmware and documentation) as the known-good state against which changes are judged
  • Perform configuration and change management

How a COUPLE of GURUS Helps

We will establish your baseline configuration and perform configuration and change management tasks on an ongoing basis.
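A baseline is only useful if you can tell, mechanically, what has changed since it was taken and whether each change went through change control. The snapshot-and-diff routine below is an added example for this page, not a COUPLE of GURUS tool: it records a SHA-256 per configuration file, diffs a later snapshot against the baseline, and flags every drifted path that no approved change record covers. The configuration tree, file contents and the change ticket CHG-0042 are constructed for the illustration.

```python
"""Configuration baseline and drift check: snapshot a tree of configuration files as
path -> SHA-256, diff a later snapshot against the stored baseline, and flag any change
that is not covered by an approved change record."""
import hashlib
import os
import tempfile
from typing import Dict, Set


def hash_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot_tree(root: str) -> Dict[str, str]:
    """Map each regular file under root (relative, '/'-separated) to its SHA-256."""
    snap: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = hash_file(full)
    return snap


def diff_baseline(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, Set[str]]:
    """Classify every path as added, removed or changed relative to the baseline."""
    return {
        "added": set(current) - set(baseline),
        "removed": set(baseline) - set(current),
        "changed": {p for p in baseline.keys() & current.keys() if baseline[p] != current[p]},
    }


def unapproved_changes(drift: Dict[str, Set[str]], approved: Dict[str, Set[str]]) -> Set[str]:
    """Every drifted path must be covered by an approved change record; the rest is unauthorized drift."""
    touched = drift["added"] | drift["removed"] | drift["changed"]
    covered: Set[str] = set()
    for paths in approved.values():
        covered |= paths
    return touched - covered


def demo() -> Dict[str, object]:
    with tempfile.TemporaryDirectory() as root:
        def write(rel: str, text: str) -> None:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as f:
                f.write(text)

        # Constructed sample configuration tree (not a real host).
        write("etc/ssh/sshd_config", "PasswordAuthentication no\nPermitRootLogin no\n")
        write("etc/audit/auditd.conf", "max_log_file_action = keep_logs\n")
        write("etc/sudoers.d/ops", "%ops ALL=(ALL) ALL\n")
        baseline = snapshot_tree(root)

        # Approved change CHG-0042 (assumed ticket): raise the sshd log level.
        write("etc/ssh/sshd_config", "PasswordAuthentication no\nPermitRootLogin no\nLogLevel VERBOSE\n")
        # Unapproved drift: a new passwordless sudo rule appears and the auditd config vanishes.
        write("etc/sudoers.d/tmp-admin", "contractor ALL=(ALL) NOPASSWD: ALL\n")
        os.remove(os.path.join(root, "etc/audit/auditd.conf"))

        current = snapshot_tree(root)
        drift = diff_baseline(baseline, current)
        approved = {"CHG-0042": {"etc/ssh/sshd_config"}}
        return {"drift": drift, "unapproved": unapproved_changes(drift, approved)}
```

In practice the baseline snapshot is stored away from the host it describes (otherwise whoever changes the files can also change the baseline), and the unapproved set feeds the change-management process: either a ticket is opened retroactively or the host is restored to baseline.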

Identification and Authentication (IA)

How to Comply in a Nutshell

  • Grant access only to authenticated users, processes and devices, whether inside or outside your organization

How a COUPLE of GURUS Helps

We can ensure only users and entities authorized by you have the credentials to access data and systems. We also handle all aspects of user account creation and maintenance.

Incident Response (IR)

How to Comply in a Nutshell

  • Create an incident response plan
  • Detect and report events
  • Develop and implement a response to a declared incident
  • Perform post incident reviews
  • Test incident response to measure your preparedness in the event of an attack

How a COUPLE of GURUS Helps

We will help create and test an incident response plan. We then detect and report events as they occur, develop responses to declared incidents, and help perform post-incident reviews.

Maintenance (MA)

How to Comply in a Nutshell

  • Perform and control system maintenance, including the tools, personnel and media used for it and any equipment sent off-site for repair

How a COUPLE of GURUS Helps

Routine system patches are pushed on recurring weekly and monthly schedules; patches for actively exploited (zero-day) vulnerabilities are pushed within 24 hours of the vendor releasing them. Note that flaw remediation itself is assessed under the System and Information Integrity domain; the Maintenance domain covers how maintenance activity is performed and controlled.

Media Protection (MP)

How to Comply in a Nutshell

  • Identify and mark media
  • Protect and control media
  • Sanitize or destroy media before disposal or reuse
  • Protect media during transport

How a COUPLE of GURUS Helps

We can help identify and mark all media, put processes in place to protect and control it, sanitize it before disposal or reuse, and protect it during transport.

Personnel Security (PS)

How to Comply in a Nutshell

  • Screen individuals prior to authorizing access to systems containing CUI
  • Ensure that CUI is protected during and after personnel activity such as employee turnover or transfer

How a COUPLE of GURUS Helps

We provide customized onboarding and offboarding checklists to ensure your business process is reflected in user account management. Only designated client points of contact (POCs) can request changes to access.

Physical Protection (PE)

How to Comply in a Nutshell

  • Limit & log physical access to your assets

How a COUPLE of GURUS Helps

Physical protection is mainly a client activity, but we can assist with system maintenance, vendor coordination and best-practice consulting.

Recovery (RE)

How to Comply in a Nutshell

  • Manage backups
  • Manage information security continuity so that lost data can be restored

How a COUPLE of GURUS Helps

We can automate backups on the schedule that meets your needs, either by adapting your existing systems to comply with CMMC or by implementing a new, compliant system. Backups that contain CUI must be protected for confidentiality at their storage location, and restores should be tested regularly to confirm the data can actually be recovered.

Risk Management (RM)

How to Comply in a Nutshell

  • Identify and evaluate risk
  • Manage risk
  • Manage supply chain risk

How a COUPLE of GURUS Helps

We can create risk management plans that include periodic risk assessments and vulnerability scanning, as well as offer custom consulting for specific risk mitigation strategies and actions.

Security Assessment (CA)

How to Comply in a Nutshell

  • Develop and manage a system security plan (SSP)
  • Define and manage controls
  • Perform code reviews

How a COUPLE of GURUS Helps

We can create or update your SSP and Plan of Action and Milestones (POA&M) as part of a CMMC Audit & Compliance Preparation project.

Situational Awareness (SA)

How to Comply in a Nutshell

  • Implement threat monitoring

How a COUPLE of GURUS Helps

Managed Endpoint Detection & Response (EDR) and Incident Detection & Response (IDR), backed by our 24/7 SIEM/SOC solution, allow rapid detection and mitigation of threats to your environment.

System and Communications Protection (SC)

How to Comply in a Nutshell

  • Define security requirements for systems and communications
  • Control communications at system boundaries

How a COUPLE of GURUS Helps

We help define your requirements and then implement the tools, technologies and processes to protect your systems, whether on-premises or in the cloud, which is especially important for today's remote workforce.

System and Information Integrity (SI)

How to Comply in a Nutshell

  • Identify and manage information system flaws
  • Identify malicious content
  • Perform network and system monitoring
  • Implement advanced email protections

How a COUPLE of GURUS Helps

Vulnerability scanning and remediation, Endpoint Detection & Response (EDR), Incident Detection & Response (IDR) and cloud-based email protection block malicious content, monitor your network, and alert our 24/7 SOC and Help Desk to any suspicious behavior.

We can help


Request a CMMC Consultation

a COUPLE of GURUS are experts in cybersecurity and CMMC regulatory compliance, and we are always available for a free consultation. We can answer your questions, clarify your options and, most importantly, guide you through building a CMMC compliance program for your organization.
