The roadmap below depicts Totem Tech’s “roadmap” to CMMC compliance, showing the major milestones to achieving and maintaining Cybersecurity Maturity Model Certification (CMMC) Level 2* for the protection of Controlled Unclassified Information (CUI). Each milestone is followed by an explanation and a list of Totem Tech’s services and free tools that will aid your small business on its compliance journey.
You can also download the Roadmap to CMMC Compliance as an interactive slideshow.
* Your organization is already expected to be CMMC Level 1 compliant, i.e., meeting the FAR 52.204-21 requirements, by the time it does any work in the Federal government supply chain. If your organization needs help with CMMC Level 1, the roadmap to CMMC compliance below is still applicable, and all the resources listed will help. We also focus extensively on CMMC Level 1 in our CMMC Workshops. Come join us!
Scope your system: Identify the FCI/CUI and characterize its lifecycle in your environment.
How Totem Tech can help:
Totem™ Cybersecurity Compliance Management SaaS
Free Tools:
Catalog your system: List all your assets that support any of the FCI/CUI lifecycle phases.
How Totem Tech can help:
Totem™ Cybersecurity Compliance Management SaaS
Free Tools:
Develop your plans: Write the three plans required by DFARS 7012: System Security Plan (SSP), Incident Response Plan (IRP), and Plan of Actions and Milestones (POA&M).
How Totem Tech can help:
Totem™ Cybersecurity Compliance Management SaaS
Free Tools:
Test incident reporting ability: Obtain an ECA certificate and test your organization's ability to report cyber incidents to the DoD.
How Totem Tech can help:
Free Tools:
Self-assess: Assess how well your organization has implemented the expected requirements and report your SPRS score to the DoD.
How Totem Tech can help:
Totem™ Cybersecurity Compliance Management SaaS
Free Tools:
Cybersecurity "DIB ready"
Your organization now meets the requirements of DFARS 252.204-7012 and is ready to handle CUI in the Defense Industrial Base (DIB). Your organization can continue to fully implement the NIST 800-171 standard and plan for its CMMC assessment.
Execute your POA&M: Begin executing your organization's POA&M to fix deficient cybersecurity capabilities and "institutionalize" cybersecurity.
How Totem Tech can help:
Free Tools:
Select managed service providers: Most SMBs will choose to outsource portions of their cybersecurity program to managed service providers (MSP/MSSP). Totem can help with our ZCaaS™, or we can introduce you to our trusted partners.
How Totem Tech can help:
Zero Client as a Service (ZCaaS™)
Free Tools:
Train your staff: Ensure all your staff are adequately trained, as they all have significant cybersecurity responsibilities.
How Totem Tech can help:
Free Tools:
CMMC Readiness Review: Hire a consultant to review your organization's cybersecurity program readiness for a CMMC assessment.
How Totem Tech can help:
Free Tools:
Get CMMC Certified
Your organization can now request a C3PAO assessment to certify at CMMC Level 2.
Totem Tech can introduce you to a trusted C3PAO partner that can conduct your assessment. Contact us for more information.
Monitor your program: Provide ongoing "care and feeding" for your organization's cybersecurity program, periodically executing routine maintenance tasks and self-assessing at least annually.
How Totem Tech can help:
Free Tools:
Assess risk periodically: Execute risk assessments at least annually or when triggered by events such as incidents. Manage newly discovered risks in your POA&M.
How Totem Tech can help:
Free Tools:
Address change securely: Execute system changes in a secure, controlled manner. Stay informed on the latest developments in CMMC, NIST 800-171, and cybersecurity threats. Get third-party assistance with your organization's annual self-assessments.
How Totem Tech can help:
Free Tools:
Secure Engineering Process Guide (SEPG) template