How to Prepare For and Automate CMMC 2.0 Compliance

November 7, 2021 | by Christian Sorensen

Automating CMMC 2.0 compliance is going to be key to broad implementation. Last week the Department of Defense announced CMMC 2.0. The new version simplifies the approach by mapping 3 levels (Foundational, Advanced, and Expert). CMMC 2.0 also streamlines control mapping to the NIST standards for the Advanced (NIST SP 800-171) and Expert (NIST SP 800-172) levels. CMMC 2.0 also eliminates the maturity levels that were used in the first version of the model. Left unanswered, however, were two questions: How do I prepare for CMMC 2.0 compliance? And how do I automate CMMC 2.0 compliance?

Preparing for CMMC 2.0 — What are the Controls?

While the DoD announced the revised program, they did not release updated control lists for the CMMC Foundational, Advanced, and Expert levels. Instead they advised that Level 1 (Foundational) would remain the same as CMMC 1.0, while Level 2 (Advanced) would mirror NIST 800-171 and Level 3 (Expert) would map to a subset of NIST 800-172. For practical purposes, the specific mappings were left out.

For us, the control mappings are the key to using the framework. So we took DoD’s guidance and updated the anticipated mappings in a spreadsheet. This mapping enables organizations to feed tools that can automate CMMC 2.0 compliance.

CMMC Version 2.0 Spreadsheet

CMMC Version 2.0 PDF

How do I Automate CMMC 2.0 Compliance?

Many of the organizations that will need Level 3 (Expert) certification will need to first adhere to NIST SP 800-172 controls. Careful analysis of these controls shows that a majority (85 of 110) are technical controls. The good news here is that the majority of these technical controls can be validated and proven effective through automated testing. Our analysis shows that over 60% of all CMMC 2.0 Level 3 controls can be tested through automated assessment tools, including nearly 80% of the technical controls. Automated testing is a real time and resource saver, allowing organizations to complete assessments 4-12X faster using 25% of the people. This gives organizations the opportunity to streamline their compliance and reporting requirements by automating CMMC 2.0 compliance: the framework is mapped into risk assessment tools and breach and attack solutions that are likely already deployed in a number of locations. This approach opens the door to continuous compliance testing and monitoring that can lead to even more personnel and resource savings over time.
