Creating policies and other documentation can be one of the most time-consuming aspects of achieving CMMC certification.
To help you get started, we worked with our team of in-house federal compliance experts — all former auditors — to create a set of templates of key documents that may be reviewed as evidence during a CMMC assessment.
Use this template to start creating a well-documented SSP that can help streamline the CMMC assessment process and demonstrate your organization’s commitment to cybersecurity.
Use this template to identify and track the actions required to address gaps in your organization’s controls that were identified during an internal or third-party assessment.
Use this template to document procedures and guidance supporting effective organizational configuration management.
Use this template to simplify the process of creating an incident response plan for your organization.
Use the template below as a starting point for assessing risks. It is tailored for non-adversarial risk, but you can use it to assess adversarial risk by replacing “range of effects” with “threat source characteristics.”
Use this template to help set an organizational risk mitigation strategy and align employees and other stakeholders to it, or use it to mitigate risks for specific projects as an individual or group.
