The CMMC Compliance Assistance Visit (CAV)

The CMMC Compliance Assistance Visit (CAV)

Charging Cavalry
Charging Cavalry
The Cavalry Charge

The Assistance Visit

The ‘Assistance Visit’ is an engagement long embraced by many organizations, primarily in government. The intent is to provide access to experts in appropriate areas of interest to assess, advise and instruct the organization to improve some business process. An end result may be preparation for an audit, assessment or certification, an increase in productivity, added efficiency, or any other business process improvement.

What’s in a Name?

Amongst many of us in the CMMC Ecosystem, especially Registered Provider Organizations (RPO) and Registered Practitioners (RP), we’ve been struggling with naming types of engagements with clients and Organizations Seeking Certification (OSC). The consulting and assistance side of things is fairly routine, very similar to our cybersecurity consulting efforts thus far. But, there’s an engagement type that many have asked for, and we just haven’t quite figured out a name for it. That engagement is a an effort to help ensure the organization is fully prepared for a formal assessment.

That Name is Taken

Many might call this type of event a Pre-Assessment. Unfortunately, that moniker is already taken. According to the CMMC Advisory Board, a pre-assessment event is conducted by a C3PAO’s Assessment Team to ensure the OSC has appropriately prepared and is ready for the formal inspection. It is not, however, meant to provide any material assistance. Rather, to make sure prerequisite information is available, points of contact are selected, and other administrative details are in order.

This One is Confusing

So, to avoid confusion and misrepresentation, we should probably avoid using that term. What’s left? Many have suggested using the term Gap Assessment. This is fairly well known in other compliance frameworks and is meant as a measure to identify the gaps between where an organization currently stands, and where they want or need to be. But, the term doesn’t seem to resonate well with those not already familiar with it.

The CMMC Compliance Assistance Visit

I propose the Assistance Visit, or more appropriately for us, the CMMC Compliance Assistance Visit (CAV). The wording itself seems self-descriptive and informative enough that even those not familiar with the term should be able to easily decode its intent. A CMMC CAV makes available expertise in CMMC requirements, goals, and objectives, as well as potentially other valuable skills – Cybersecurity Controls, Governance, Risk Management, Policy Development, etc. The goal of the CMMC CAV is to provide an OSC with insight as to whether they’re truly prepared for a formal CMMC Assessment, or if they have more work to do to prepare.

The CMMC CAV might be requested by an OSC as they’re planning, scheduling, and resourcing for a formal assessment. Or, it might be requested of an RPO by a C3PAO prior to formally engaging with client as a risk mitigation task.

Help Us Make the CMMC CAV a Valuable Service Offering and Tool

We solicit feedback and recommendations from others in the community to help fill in the details on what should be included, and whether some standardization might be warranted.

Dan bjorklund - cyber security specialist

Daniel Bjorklund

PRINCIPAL

With over 30 years of experience, Daniel Bjorklund is a dedicated information security practitioner, mentor and innovator. He serves as a principal vCISO at Assured Bridge, helping to mature and guide compliance-as-a-service and managed security service provider operations. He is also active in the startup and entrepreneurial communities in the Augusta, GA area, helping set firm cybersecurity foundations for new companies and efforts.

Dan is a current CISSP and holds a Master of Science degree in Information Assurance and Security and a Bachelor of Science degree in Information Technology. When not hunched in front of a computer, Dan can often be found above 3000 feet avoiding highway traffic, flying his airplane as a licensed pilot. He and his wife enjoy outdoor activities, biking, fishing and sightseeing in the Southeastern United States.

Search our Blog
Categories
Subscribe to our Newsletter
We’ve got a lot of good info to share! Sign up for the Assured Bridge newsletter and receive tips on how to remain compliant with Federal CUI standards.