10 Super Simple Steps for CMMC

Here is your map to CMMC Certification!

Step 1: Take The Shortcut

For you Netflix addicts (who isn’t after this year?), you can shortcut this article and watch the latest TV interview with our CEO, Lily Yeoh, here.

Lily Yeoh, CEO & Founder of CyberOne

Who’s (Whose?) on CMMC First?

Let’s begin with the landscape. Who requires and who needs CMMC Certification? How do we get it? How do we maintain it? How do we build a budget for it? What is the CMMC-required NIST 800–171 Control Self Assessment and SSP for SPRS?

Who’s asking? Not only DoD Contracts…

It started with the DoD, but, like a virus (!), it quickly grew. Earlier in 2020, the Department of Homeland Security (DHS) was already including CMMC in its contract process. GSA is the latest to introduce CMMC language into its contract process. GSA notes that it reserves the right to require CMMC in its contracts, based on the contract and security needs. Read more about GSA and CMMC here.

Who responds? Prime and Subcontractors, and so on…

DIBs and all subcontractors are required to be CMMC certified. This also includes the completion of the NIST 800–171 Self Assessment and a Control Mapped SSP. These must be submitted (with score) and displayed in the SPRS (Supplier Performance Risk System). “Quick tip”: It’s pronounced “Spurs” in the industry! The more you know…

What do we do now?

CyberOne’s full-suite GRC platform enables you to complete every step of the CMMC Certification process. We provide you with all the tools and information you need to achieve and maintain certification on CyberOne’s highly automated, modern SaaS platform. Before you engage an MSP or consultant, check out what we can do for you. Request a demo today.

  • NIST 800–171 Control Self Assessment, SSP (see more below)
  • Policy Development Support
  • CMMC Control development and implementation guidance (level 1–3)
  • Automated Evidence Collection and review
  • Mitigation and Issue Management for POA&Ms, Findings and Risk Environment
  • Risk Register for proactive risk management
  • Vulnerability Scans & Analysis
  • Auditor-ready platform that can be used in collaboration with C3PAOs for Certification

NIST 800–171 Control Self Assessment

Required as a starting point for all Primes and Subcontractors. Start on CyberOne’s platform with our fully automated, CMMC-required NIST 800–171 Control Self Assessment, with a risk score and controls mapped to your SSP, report-ready for submission to the SPRS. Add your subcontractors for assessment, starting at only $350 per assessment. Your assessment is mapped to CMMC controls in CyberOne so you can begin CMMC readiness as soon as the assessment has been completed.

CMMC Certification and More

The key to successful compliance, and the challenge for most enterprises, is the maintenance and effective, ongoing implementation of controls, often across multiple frameworks. We call this continuous monitoring.



CyberOne Security

CyberOne is modern SaaS GRC automation for all-size companies. For CMMC, SOC 2, ISO, HIPAA compliance, risk, vendor, issue, incident management and more.