ComplianceForge - NIST 800-171 & CMMC CMMC Bundle 1: Level 1 (CMMC 2.0 L1 & FAR 52.204-21)
No reviews yet
$3,750.00
$3,000.00
(You save $750.00 )

CMMC Bundle 1: Level 1 (CMMC 2.0 L1 & FAR 52.204-21)

SKU:
CMMC-B1-L1
UPC:
692878857116
Availability:
Email Delivery Within 1-2 Business Days

Maximum file size is 15000KB, file types are bmp, gif, jpg, jpeg, jpe, jif, jfif, jfi, png, wbmp, xbm, tiff

Adding to cart… The item has been added

nist 800-171 cmmc compliance documentation template example

CMMC 2.0 Level 1 - CMMC 2.0 L1 & FAR 52.204-21 Policies, Standards & Procedures -  CMMC Level 1   (20% discount)

This bundle is as streamlined as we've been able to make it for those needing to demonstrate compliance with Cybersecurity Maturity Model Certification (CMMC) Level 1. If you need to address CUI requirements, then the NIST 800-171 Compliance Program (NCP) is the most appropriate solution for your needs.

The CMMC Level 1 Bundle includes two (2) ComplianceForge products:

  1. CMMC Level 1 Policies & Standards
  2. CMMC Level 1 Procedures

The CMMC 2.0 Level 1 & FAR 52.204-21 Policies, Standards & Procedures bundle is narrowly tailored for CMMC Level 1 organizations. 

Documentation Structure

The 17 requirements in CMMC Level 1 are based on 15 basic cybersecurity requirements found in FAR 52.204-21. The issue with this structure is that it is not conducive to make quality cybersecurity documentation (e.g., policies, standards and procedures). To address that weakness, the structure of the documentation leverages the Secure Controls Framework (SCF), since there is NIST IR 8477 Set Theory Relationship Mapping (STRM) that provides detailed justification for how SCF controls address both FAR 52.204-21 and CMMC L1 requirements. There is also coverage for FAR 52.204-27 and FAR Section 889, since those are clauses that you will likely need to address already if you are dealing with FAR 52.204-21 that focus on not using prohibited technologies.

The policies, standards and procedures also add in SCF CORE Fundamentals controls to provide "reasonable cybersecurity practices" that fill in a lot of gaps from CMMC L1 and FAR 52.204-21. The reason for this is CMMC L1 and FAR 52.204-21 were never meant to be a stand-alone cybersecurity program, where the US Government's expectation is that contractors have an existing cybersecurity program in place and these requirements are just existing practices that exist. Being an editable document, you can easily delete out the SCF CORE Fundamentals content (e.g., need for policies & standards, assigned cybersecurity roles, asset inventories, etc.) if you do not want it, but realistically you need those fundamental requirements if you do not already have them in place.  

CMMC Level 1 crosswalk mapping

FAR 52.204-21 + CMMC Level 1 

FAR 52.204-21 cybersecurity requirements form the basis for what CMMC Level 1 practices. While FAR 52.204-21 has 15 requirements, CMMC Level 1 adds 2 additional requirements. The CMMC Bundle #1 contains coverage for both FAR 52.204-21 and CMMC 2.0 Level 1 requirements.

CMMC Bundle 1 Coverage

View Product Examples

If you would like to view examples of ComplianceForge's NIST 800-171 Compliance Program (NCP) documentation, please click any of the images below:


example cmmc level 1 policies & standards
Policies & Standards
example cmmc level 1 procedures
Procedures
example cmmc level 1 crosswalk mapping
Crosswalk Mapping

 

Why Are These Products Part of The Bundle?

At ComplianceForge, we sometimes receive questions from customers, asking "Does ComplianceForge provide CMMC policy documentation?" or "Does ComplianceForge provide FAR cybersecurity policy documentation?" The short answer is, yes, we do procide this documentation, but before we can point them where to find the documentation, we must first know what requirements the customers has, as there are difference CMMC levels. This bundle is designed for organizations that need a cost-effective and timely solution to demonstrate compliance with CMMC Level 1. Our solutions is a customizable, easily-implemented set of documentation that your company needs to demonstrate compliance with CMMC 2.0 L1 & FAR 52.204-21 requirements. Being Microsoft Word documents, you have the ability to make edits, as needed. 

Please note that if you want a customized bundle, we are happy to create one for you. Just contact us with your needs and we will generate a quote for you.

Products Included in CMMC Bundle #1: 

cybersecurity & data protection program

CMMC 2.0 L1 & FAR 52.204-21 Policies & Standards

  • These policies & standards are in an editable Microsoft Word format.
  • Content is specific to CMMC 2.0 L1 & FAR 52.204-21 requirements.
  • Under each of the policies are standards that support those policy statements.
  • Includes many useful supplemental documentation templates:
    • Data classification & handling guidelines
    • Data retention guidelines
    • Rules of behavior (acceptable use)
    • Bring Your Own Device (BYOD) usage guidelines
    • and more templates
cybersecurity procedures template

CMMC 2.0 L1 & FAR 52.204-21 Procedures 

  • These procedures are in an editable Microsoft Word document.
  • The structure of the procedures make it easy to map to the corresponding policies and standards. This is an expectation that companies have to demonstrate how cybersecurity controls are actually implemented. 
  • Given the difficult nature of writing templated procedure statements, we aimed for approximately a "80% solution" since it is impossible write a 100% complete cookie cutter procedure statement that can be equally applied across multiple organizations. What this means is ComplianceForge did the heavy lifting and you just need to fine-tune the procedure with the specifics that only you would know to make it applicable to your organization.
  • The CSOP is mapped to leading frameworks to help with mapping compliance requirements.

 

 

Reviews


!