last changes 08/23/2021
The CMMC Pre-Assessment is the 3rd Phase in the four-phase CMMC compliance process. After the initial CMMC Gap Analysis, remediation of any issues, implementing all required controls, and developing the required documentation it is time to see if you are ready for the final CMMC Assessment. Depending on the CMMC Level you are required to comply with will be a self assessment or you might need to be assessed by a Certified 3rd Party Assessor Organization (C3PAO).
What to Expect From a CMMC Pre-Assessment
In this phase, our CMMC compliance experts will conduct an on-site Pre-Assessment (mock-audit) which will take several days on location. The goal of this phase is to not just verify implementation but also to prove the maturity of the CMMC implementation.
The deliverable is a report that includes details about the compliance status of each control. If applicable, it will provide advice on how to fix areas that may cause your organization to fail the certification assessment and other recommendations to ensure a smooth final CMMC assessment.
Can You Perform This Service Remotely?
Typically the answer is no – but it depends on your organization, how the IT infrastructure is setup, and how the CUI flows. Contact us to discuss your situation.
In most cases we cannot perform a gap analysis or pre-assessment remotely as the CMMC includes physical security requirements that are impossible to verify remotely. Every CMMC Gap Analysis or CMMC Pre-Assessment we have performed revealed issues that would have been undetected in a remote engagement and caused that organization to fail a certification. You want to make sure that nothing is being overlooked. This is especially true if you will be assessed by a 3rd party. After all, the C3PAO or DoD will perform their CMMC Assessment at your location as well.
Due to our status as a CyberAB Registered Practitioner Organization™ (CMMC-RPO), Ecuron can perform pre-assessment services which include CMMC Gap Assessments (also called CMMC Gap Analysis), help with remediation and implementation, and CMMC Pre-Assessments. We do not conduct the final CMMC Assessments.
Take the first step in aligning your information security requirements. To discuss your CMMC requirements and schedule a complimentary 15-30 min consultation, email us at firstname.lastname@example.org or use the form bellow.
Receive Our Latest Posts & Publications