1. Make sure you have the right people involved. CMMC and any unintended non-compliance is a risk factor for your company, so you’ll need high-level business owners involved in this process in addition to technology owners – particularly those who are responsible for business risk.
2. Get an assessment. The time is yesterday! A CMMC assessment shows your performance against the standard and the gaps you’re required to fill. Before you ask: yes, there is a provision for self-audit if you’re up to the task; but Inline Computer and Communications can facilitate and speed up this complicated process substantially for you.
3. Weigh your options. In the end, complying with CMMC may cost more than your DoD revenue stream. You may want to consider selling that IP and the associated manufacturing processes to another larger, already CMMC certified, company rather than take on that compliance expense.
4. Build a plan of action. If you plan to move forward, work with Inline Computer and Communications to decide what gaps to fill first, then we can build a plan together. With the proper partners in the right places at the right time, you can be well on your way to CMMC compliance.