TEMpered compliance

The Department of Defense has twin cybersecurity requirements at the moment: NIST 800-171 compliance under DFARS 252.204-7012, and the in-development Cybersecurity Maturity Model Certification (“CMMC”) contained in 7019-7021. CM Software has you covered under both sets of standards in one centralized location.

CM Software built a simple and flexible platform to help government contractors manage the cybersecurity demands of their government contracts. The software uses the Control Families and Controls found in 800-171, as well as the CMMC domain-capability-practice-level structure.

By using the CM Software CMMC Software, you’ll be able to:  

  1. Understand your network:  The NIST MEP 162 self-assessment questions have been built into the program, with 5 multiple choice answer options and free space.  Automatically produce a Security Assessment Report from the tool.  Roll these answers over to the implementation and system security planning area.

  2. Assess your NIST 800-171 controls:  The software guides you through each of the NIST 800-171 controls so that you can record your implementation status for each of the 110 controls.  Implementation statuses are calculated in real time. You can generate an automated system security plan (SSP) with just one click.

  3. Visualize your subcontractors’ compliance:  The Tempered Compliance platform allows you to import the NIST 800-171 control statuses from your subcontractors, calculate their SPRS scores, and visualize their compliance status. You can group each subcontractor by socioeconomic set-aside, the contract(s) they are on with your company, and the agencies they serve. Tempered enables you to manage your subcontractor risk.

  4. Visualize your system’s control status in one location:  Our easy-to-read, mathematically precise scoring lays out your implementation status for each NIST 800-171 control and for each of the CMMC practices and processes.  You will quickly see which controls and practices are deficient and need improvement plans, enabling you to self-score your CMMC level.

  5. Plan to resolve your deficiencies:  Our interactive POA&M enables you to quickly build a POA&M.  Build one standardized header for a network. Simply click to open a planning cell for an identified weakness, and you will be able to build a complete plan, with associated milestones and corresponding dates, in one standardized format.  Add as many improvement plans as necessary. Run the POA&M with just one click.

  6. Manage your plans to successful outcomes:  The POA&M template links to a governance calendar so that milestones and completion dates can be tracked in one location.  The POA&M template allows you to assign individual points of contact for each milestone and planned improvement.  

  7. Prepare for your cybersecurity audit:  Understand the documentation necessary to demonstrate to the auditors that you are in compliance with a control or practice.  Organize the documentation in one place.

  8. Be a stronger teaming partner and work with stronger subcontractors:  Prime contractors will need to be confident their subcontractors have achieved cybersecurity goals and are managing their plans.  Produce planning documents and provide status reports to partners to prove that your cybersecurity plans are operating as designed, and that you are a trusted partner.  Primes can mitigate cyber risk with their subcontractors.


The versatility of Tempered Compliance enables it to be used to implement a compliance plan for both the 800-171 and the CMMC, manage cybersecurity control & practice implementations, understand your supply chain cybersecurity risk, and demonstrate compliance to third party auditors.  There is no better way to demonstrate the maturity of your cybersecurity controls than using Tempered Compliance internally and with your subcontractors.

