CMMC COMPLIANCE CHECKLIST
Is Your Business Ready for CMMC 2.0?
Whether you're pursuing Level 1 or Level 2 certification under the Cybersecurity Maturity Model Certification (CMMC), one mistake can cost you a DoD contract.
RATE YOUR PREPAREDNESS WITH THESE KEY POINTS:
Access Control (AC)
Enforce least privilege, role-based access, and account management practices to restrict system and data access.
Mapped Controls: AC.1.001, AC.1.002, AC.3.012 (NIST 800-171 3.1.1, 3.1.2, 3.1.5)
Identification & Authentication (IA)
Implement multi-factor authentication (MFA) for all users, including privileged and remote accounts.
Mapped Controls: IA.3.083, IA.3.084 (NIST 800-171 3.5.3, 3.5.7)
System & Information Integrity (SI)
Apply timely updates, vulnerability remediation, and monitoring to maintain system security and integrity.
Mapped Controls: SI.1.210, SI.2.214, SI.2.216 (NIST 800-171 3.14.1, 3.14.2, 3.14.3)
Media Protection & Data Security (MP/SC)
Encrypt Controlled Unclassified Information (CUI) both at rest and in transit; safeguard storage, transfer, and disposal.
Mapped Controls: SC.3.177, SC.3.192, MP.3.123 (NIST 800-171 3.13.8, 3.13.16, 3.8.9)
Awareness and Training (AT)
Provide ongoing cybersecurity awareness training to personnel handling CUI, focusing on phishing, insider threats, and reporting requirements.
Mapped Controls: AT.2.056, AT.2.057 (NIST 800-171 3.2.1, 3.2.2)
Incident Response (IR)
Develop, document, and regularly test an incident response plan to ensure detection, reporting, and recovery capabilities.
Mapped Controls: IR.2.093, IR.2.096 (NIST 800-171 3.6.1, 3.6.3)
WHO DOES THIS AFFECT?
DoD contractors or subcontractors
Suppliers to the Defense Industrial Base (DIB)
Manufacturing, tech, aerospace, or engineering firms
Digital integrators and program consultants
ALL DEVICES
ALL THE TIME
Failing a CMMC audit isn’t just inconvenient - it’s a direct threat to your ability to win and retain DoD contracts.
