Similarities and differences between NIST 800-171 and CMMC Level 3. This 2+ minute CMMC FAQ video answers the question: Is NIST 800-171 compliance synonymous with CMMC Level 3? They’re similar and even congruous, but CMMC Level 3 is more involved. Kyle discusses the differences and gives insight on what else is needed.
Let’s take a look at some frequently asked questions about CMMC. What are the similarities and differences between NIST 800-171 and CMMC Level 3? Am I in compliance with NIST 800-171? Am I ready for the CMMC maturity Level 3 assessment? It depends. CMMC Level 3 requires an implementation of 130 practices, which includes 110 practices from NIST 800-171 plus 20 additional CMMC practices. CMMC Level 3 mandates all 130 practices to be completely documented and implemented in order to pass the assessment and get the certification.
NIST 800-171 allows for POAM, CMMC does not
However, NIST 800-171 allows you to be in compliance without implementing all 110 practices, as long as you have a plan of action and the milestones POAM in place for the missing practices. This is a huge difference. If you have documented and implemented all 110 practices of NIST 800-171 without any POAM items, you just need to check and establish any of the missing 20 CMMC practices. In general, if you have already started NIST 800-171 compliance work, the effort for complying with CMMC Level 3 will be smaller.
Map the NIST 800-171 practices to see the gaps
Therefore, to move from this 800-171 compliance to CMMC Level 3 assessment readiness, you should map the NIST 800-171 practices to CMMC Level 3 practices to clearly see the gaps. This exercise will allow you to evaluate and assign appropriate resources to close these gaps and achieve CMMC readiness in a more effective and more efficient manner. Feel free to contact us for CMMC questions or assistance to your CMMC preparation effort. You can reach us at CMMC@klcconsulting.net. My name is Kyle Lai, President and Chief Information Security Officer at KLC Consulting. We look forward to hearing from you. Thank you.
To visit the CMMC-AB website click here
Thank you for visiting our website!