Now that the deadline for submitting your NIST SP 800-171 self-assessment to the Supplier Performance Risk System (SPRS) has expired - it was November 30, 2020 - how prepared are you for the Cybersecurity Maturity Model Certification (CMMC)? To find out, start by considering these questions:
- Have you submitted your controls self-assessment questionnaire in the SPRS?
- Have you identified the assets where controlled unclassified information (CUI) might be stored?
- How many controls in your environment need to be in place for your segregated CUI environment?
- Is any of the CUI you are responsible for in a cloud environment? Is it approved by the government? Is it encrypted? If your cloud provider were breached, are you sure your data is protected?
- Assuming you got your self-assessment in on time, did you respond honestly or did you “stretch the truth” a little? (Or would a third party assessment align with what you submitted?)
