Build a CMMC Program from ISO 27001 Certification (M1d)
ISO 27001 is a popular certification among Defense Contractors. If your company already holds an ISO 27001 certification or is seeking to obtain one, you might ask, “Can I leverage my ISO 27001 investment and integrate it into the CMMC program to reduce the implementation cost?” The basis of ISO 27001 is an ongoing risk assessment and asset management. It also involves implementing an incident response plan and delivering training and awareness throughout the organization, and it requires a regular, systematic audit to review the information security management system. CMMC is based on NIST 800-171, and many NIST 800-171 controls are derived from ISO 27001. You can use your existing ISO 27001 documentation as a starting point and add the small number of NIST 800-171 requirements not covered by ISO 27001, saving on the CMMC implementation cost. This talk will discuss how a company can leverage its ISO 27001 certification to speed up CMMC compliance. It will highlight the differences between the ISO 27001 and CMMC compliance components, such as scoping, the SSP, the POA&M, policies, procedures, and practices. In addition, this talk will cover how to align these two sets of compliance requirements to help you achieve CMMC compliance efficiently.