If you're on this page, you have a problem. You must get certified under CMMC to a Level 3 to continue to compete for DoD contracts. But, right now, you are staring at a blank Word page on one screen and the CMMC controls on the other. Your company does not have a cybersecurity person to help you.
So, to sum it up, you have to write a System Security Plan or SSP, develop a policy for each of the 17 security domains, and write a Plan of Actions and Milestones (POA&M) to say how you will or have accomplished the 130 controls or practices in Level 3. And do it all by early 2021. That's where 3 Territory Solutions can help.
Here at 3T, we have an in-depth knowledge of the CMMC program. Every single practice has been mapped out, we know what they mean and how to accomplish them on your systems. Not only the ?how? of each of these practices, but the why. We have policy templates for each of the security domains that we can use to help you quickly build your required documentation. The same goes for the SSP and POA&M. We also have tools to help you map your networks to provide the needed network diagrams and equipment inventories.
Roles and Responsibilities
Information Security Program Management
IS Policies
Acceptable Encryption
Account Management
Audit Policy
Awareness and Training
Configuration Management
Email Policy
Information Sensitivity
Password Construction
Password Protection
Penetration Testing
Remote Access
Software Installation
Vulnerability Management
Wireless Communication
Wireless Communication Standard
Workstation Security
Corporate System Security Plan (SSP)
Corporate Plan Of Action and Milestones (POA&M)
Corporate Information Systems Contingency Plan / CONOPS (ISCP)
Corporate Event/Incident Communication Plan (EICP)
Corporate Event/Incident Response Plan (EIRP)
Corporate Security Audit Plan (SAP)
Corporate Security Monthly Audit Report (SMAR)
DBINet DFARS Incident Response Form
US-CERT Incident Response Form
CJCSM 6510.01B - Cyber Incident Handling Program 2012 Incident Response Form