One of the first questions that organizations seeking CMMC assessments ask when they meet with us is, “How much is this going to cost?” Smithers uses a quoting process designed to learn about your organization and then provides a customized quote with assessment pricing tailored to it. Regardless of what your quote says or who provides it, there are a few general ways to keep your costs under control.
Ask yourself the following three questions as you prepare.
Scope is perhaps the most important facet of preparing for a CMMC assessment because it determines what needs to be assessed and what does not. While some companies may need to include everyone and everything in their scope, this is not true for all contractors. The more precisely you can define where your Controlled Unclassified Information (CUI) resides and who actually touches it, the smaller your scope will be. A smaller scope can reduce both the duration and the cost of your assessment.
Make sure you have everything ready and easily accessible. That includes your System Security Plan (SSP), evidence that your policies exist and are followed, and more. In addition to reading the NIST SP 800-171r2 controls, be sure to review the assessment objectives in NIST SP 800-171A and the CMMC Assessment Process (CAP) so you understand what your assessor will want to see.
There is no single tool that will, or should, guarantee a perfect score on your assessment. However, you can use reputable and reliable tools to assist. We suggest that contractors find a strong Governance, Risk & Compliance (GRC) tool to help gather evidence and track progress. If your assessor can log into your platform, this can also save time during the actual assessment.
If you are not sure about the answers to these questions, contact us today and we can help.
Remember, once CMMC becomes a contractual mandate, compliance will help determine how your company fares in the future. Investing in cybersecurity and CMMC compliance is like investing in life insurance or health insurance: it pays dividends when you need it most. Contact us today with any questions you may have.
Founded in 1925 and headquartered in Akron, Ohio, Smithers is a multinational provider of testing, consulting, information, and compliance services. With laboratories and operations in North America, Europe, and Asia, Smithers supports customers in the transportation, life science, packaging, materials, components, consumer, cannabis, dry commodities, and energy industries. Smithers delivers accurate data, on time, with high touch, by integrating science, technology, and business expertise, so customers can innovate with confidence. Smithers is an authorized C3PAO and can be found on the CyberAB Marketplace.