DoD CMMC 2.0 Activities

---

SPRS:  

- Review Suppler Performance Risk System (SPRS) 

Enterprise Gap Assessment:  

- Assessment  

- Practices 

- Processes 

- Security Controls  

- Plans  

- Policies 

- Procedures 

- Cyber Insurance 

- Risk 

- Governance 

- Compliance  

Network Penetration Test: 

- External  

- Internal 

- Dark web 

- Exploitations 

- Malware 

- Vulnerabilities  

Deliverables: 

- Kickoff 

- Assessment  

- Out brief 

- Analysis & Recommendation Report 

- Plan of Action and Milestones (POA&M) Report 

- Roadmap  

Remediation: 

- Gap Assessment 

- Network Penetration Test 

- Security Awareness Training & IR Tabletop Exercise  

DoD CMMC Assessment Package:  

- Prepare CMMC 2.0 Assessment Package  

- Develop Traceability Matrix 

- Develop Plans, Policies, & Procedures  

- Develop/Update Digital IT & Security Repository 

- Coaching  

- Upon request support in CMMC Assessment  

Sustainment: 

- Security Hygiene  

- Develop/Update Plans & Policies 

- Conduct Annual Security Training & Exercises