CMMC Assessments

Overview of CMMC Assessment Process

hncyberhnspacehntraininghnBloghncompliancecenterhninsidercmmcupdate

i2 CMMC Assessments

Imprimis offers Cybersecurity Maturity Model Certification (CMMC) Assessments which can be performed either remotely or onsite. We offer both an Initial Assessment and a Final Compliance Assessment (pre-audit).

CMMC Initial Assessment:

The Initial Assessment of the organization and network will be performed to determine the extent of compliance with the CMMC requirements at the desired level and will include gathering all requirements of the operating environment including known risks; a review of any existing policies and procedures, network diagrams and standards; and examination of the technical configuration of the current on-premise systems and cloud-based elements. The deliverables are as follows:
  • The i2ACT 800 software tool and associated assessment database
  • An assessment report detailing compliance status with both the CMMC and DFARS requirements
  • A remediation report detailing all noncompliant requirements and the general tasks that must be completed to become compliant.
  • A Requirement/Practice/Process remediation action list
If Imprimis is supporting the customer with documentation and remediation activities, the assessment will be continuously updated so that it is complete upon full compliance.

Final Compliance Assessment:

The Final Assessment would be performed at the conclusion of remediation and upon reaching full compliance and will be included in the company’s Book of Evidence. This assessment might also be performed prior to a scheduled certification audit as a final check on compliance status if some time has passed between reaching compliance and the audit.
The deliverables are as follows:
  • An updated assessment database in the i2ACT 800 software tool
  • A final, updated assessment report detailing compliance status at the desired level of the CMMC and with DFARS requirements
  • A final assessment report in a format suitable for inclusion in the company’s Book of Evidence to be used during a certification audit.
If Imprimis is supporting the customer with documentation and remediation activities, the assessment will be continuously updated so that it is complete upon full compliance and this final assessment would not be needed.

 

The i2ACT-800 Pro Menu:

(This is the Full NIST-800-53 Menu View - CMMC Features Will be Added)

i2Act800promenu