Step one is to get NIST 800-171 documentation out of the way. You can do a self-assessment of the 800-171 controls or hire a third-party service company to do a GAP analysis to determine your current level of compliance. This is where we come in, our auditors will do a “by the book” assessment against the current CMMC version and provide you with a roadmap to compliance toward the final 1.0 version. This is your opportunity to get 90% of the work done before the competition and ahead of the last-minute rush to get validated.
The second step is to map your 800-171 assessment to the CMMC requirements once they’re released. Be ready to address the gaps you find during mapping and implement solutions to remediate them. We will provide you with an SSP, POAM and remediation actions to complete.
The third step is to find an authorized 3rd party to audit your assessment and give you a certification for the level you need. You should have no trouble finding an auditor even before the requirements are released, since its very likely existing 800-171 service companies will transition to CMMC auditors.