iVenture : 20 Years of Business Friendly IT

What Business Owners Need to Know About CMMC, IT & Getting It Right The First Time

If CMMC is on your mind, here’s what to know before it becomes the bane of your business. Learn about the 4 pillars for CMMC compliance.


“Is my IT ready for CMMC?”, “Where does my team need to start?”, “What’s part of getting IT-ready for compliance?”

We’re hearing these questions more frequently as CMMC rolls out. To prepare businesses for this new certification, we’re sharing insider knowledge. 

CMMC is a hot topic across our clients and prospects right now. The general consensus is IT isn’t 100% ready for this.  With our current clients, it’s become a big part of our annual technology roadmap to help get ahead.

And, we’re hearing from many potential clients that their internal IT departments or MSPs are behind and overwhelmed getting ready for this. Here’s what we see as the path to IT success for businesses with between 20 and 500 users.

First – The Quick Background on CMMC 

The CMMC, or Cybersecurity Maturity Model Certification, is a Department of Defense undertaking that all government contractors must pass.

  • Businesses without compliance risk losing government contracts and clients  
  • CMMC rollout begins in September and continues through the end of 2020  
  • The audit reviews cybersecurity hygiene at five different levels  
  • It can take up to 6 months to 1 year to become compliant  
  • Proper cybersecurity hygiene is key to passing compliance 


Why Do Businesses Care Now?

Unlike past compliance certs, the CMMC can cost businesses real money.

A common issue we see is overwhelmed IT. Whether it’s in-house IT or an outsourced provider, many users report backlogged projects and slow support. 

Now add CMMC to the mix. IT isn’t going to improve unless a solid foundation is built. Here’s what to do. 

The 4 Pillars For CMMC Compliance  

In our line of work, we see a broad spectrum of compliance steps towards CMMC. We took a few minutes to summarize the key components that set the stage for successful CMMC compliance.

Pillar 1: Standards

Businesses that build IT around defined and accepted standards are better prepared for CMMC. Standards are the foundation for any secure IT environment. Having well-established standards positions businesses better for the audit. This includes: 

  • Assessing the current IT environment for weaknesses (try penetration testing)
  • Aligning IT with the standards outlined in the different levels of CMMC and identifying gaps 
  • Having a living roadmap – updated regularly – to review progress
  • Documentation of the standards in place and on the roadmap 

Learn How IT Standards Can Make Or Break CMMC Compliance

Pillar 2: Mature Service Operation

IT operational maturity is key to building a solid IT foundation for CMMC compliance. In organizations that are closer to (or meeting) CMMC compliance, we see a strong focus in the following areas:

  • An established ITIL service delivery process 
  • Strong change management processes (plan, test, deploy, QC) 
  • Well-defined user support roles (help desk, desktop support)
  • Well-documented networks & support knowledge 

Learn Why A Mature Service Operation Matters for CMMC

Pillar 3: Security in DNA  

For CMMC compliance especially, cybersecurity is a critical component. When building a solid IT foundation, businesses include the following cybersecurity protocols: 

  • Strict tracking & reporting 
  • Secure data encryption 
  • Admin access monitoring & management 
  • Thorough background checks on all personnel 
  • Two-factor authentication user management 

Learn if Cybersecurity Is Encoded In Your Business DNA

Pillar 4: Execution Capability  

A top issue for IT departments is execution. The ability to start, finish and adjust projects is slowed by a lack of resources. We see businesses drowning in IT issues because no one has enough time or support. The signs of IT burnout are:

  • Working long hours/weekends  
  • No bandwidth to start projects  
  • Start projects but can’t finish  
  • 4,000 loose ends  

When IT is burned out, the certification will be an even bigger hassle. The solution is bandwidth – time and space to focus on getting compliant.   

For many businesses, extra bandwidth comes from outsourced IT. Where could your business use a boost? 

  • Planning
  • Testing
  • Execution
  • Quality Assurance
  • Formal Project Closure

Consider This About CMMC

If it seems like the DoD is taking CMMC more seriously than past certifications, like NIST SP 800-171, it’s because they are.  

In fact, CMMC came about because NIST standards weren’t strong enough alone to stop major security breaches. Take these three recent examples:  

  1. Access to Virginia government contractor sold by Russian cyber criminals  
  2. “Team Snatch” demands ransom; leaks contractor information on the dark web  
  3. DISA data breach exposes personal information of 200,000 people  

The Good News With CMMC

Businesses can prevent these incidents with strong cybersecurity hygiene and a solid IT foundation. It starts with a second opinion from a trusted IT source. When businesses have an unbiased picture of their IT strengths and struggles, improvement can begin. 

If you’re unsure about your current IT strategy around CMMC, we may be able to help get you on the right track. Let’s talk about it.
