IN THIS LESSON

In this session, Mark Hapeman (President of Kieri Solutions) and Amira Armand (CEO of Kieri Solutions) walk through the practical steps for organizations preparing for Cybersecurity Maturity Model Certification (CMMC).

Key points include:

  • Where to Start: Visit https://dodcio.defense.gov/CMMC/Resources-Documentation/ to access foundational materials like the CMMC 101 Brief, model overviews, and scoping guides.

  • Data Classification: Understand what types of data you handle—Federal Contract Information (FCI) or Controlled Unclassified Information (CUI)—to determine whether you fall under Level 1, Level 2, or Level 3 requirements.

  • Scoping: Identify where CUI resides within your IT environment and categorize your assets using the Level 2 Scoping Guide. This step defines which systems must comply with CMMC controls.

  • Training & Expertise: Because CMMC requirements and scoping can be complex, organizations are encouraged to work with Certified CMMC Professionals or Assessors, or take formal training courses.

  • Assessment Process: Implement the 110 NIST SP 800-171 controls, document everything (including a System Security Plan), and conduct a formal self-assessment. This is required for both self-certification and certification assessments.

  • Submitting Results: Self-assessment scores are submitted to the Supplier Performance Risk System (SPRS), while C3PAOs will use eMASS for official certification results.

  • Certification Benefits: Being certified, especially at Level 2, can offer competitive advantages in the defense supply chain by demonstrating cybersecurity maturity.

The video emphasizes that successful preparation takes time, expertise, and structured effort—and that certification, once achieved, positions companies for long-term success in the defense contracting space.