Xacta® for CMMC

Helping Defense Contractors Protect the Sensitive Unclassified Information in Their Custody

Cybersecurity Maturity Model Certification (CMMC) is a unifying standard developed by the U.S. Department of Defense. It is intended to ensure that members of the Defense Supply Chain are applying sound cybersecurity and risk management practices in order to protect sensitive unclassified information. CMMC requires a CMMC Third-party Assessor Organization (C3PAO) to verify the cybersecurity maturation level of all DoD contractors that handle Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within the DoD supply chain.

In response, Telos® has developed the Xacta 360® CMMC offering to support contractors and vendors within the supply chain that require or need to prepare for certification and assessment by a C3PAO.

Because CMMC is an evolving standard, our offering enables you to assess the maturity level required today as well as build a roadmap to the maturity level of tomorrow. 

Automate processes of preparing for a CMMC assessment

Identify the data supply chain for FCI and CUI data

Manage compliance with NIST SP 800-171 and CMMC within the same project

Conduct CMMC self-assessments and organize artifacts for an efficient C3PAO audit

Utilize control inheritance capabilities while implementing the required CMMC controls for your maturity level

Monitor and maintain your certified environment for easier recertification every three years

  • How does the Xacta CMMC offering work?

    As is true with all other Xacta 360 offerings, Xacta for CMMC works much like tax preparation software, helping the user navigate the end-to-end process.

    Users are presented with a series of input screens that collect and organize all of the data needed for the CMMC assessment. These screens are organized in a logical manner and prompt the user to answer questions and input the data needed to ensure all identified gaps and deficiencies are eliminated before the C3PAO walks through the door.

    Xacta also generates related documentation (SSP, security assessment summary, and NIST SP 800-171 scorecard) as a byproduct of the process. You do not have to generate these documents from scratch at the end of the process. Xacta does this for you based on your inputs.

  • How will the Xacta CMMC offering benefit me?
    • You will not have to rely on email and spreadsheets to manage the process. Xacta centralizes CMMC compliance activities, underlying data, assessments, and evidence.
    • The offering can reduce the cybersecurity and information assurance expertise required to complete CMMC preparatory activities.
    • This simplification of the process also reduces your dependency on expensive, hard-to-find cybersecurity and IA personnel.
    • Xacta for CMMC automatically generates evidentiary documents when you need them.
    • The offering ensures a smooth assessment process when the C3PAO arrives.
    • Xacta allows you to efficiently manage and maintain your CMMC certification over time by utilizing automated control periodicity.
  • Will the Xacta CMMC offering save me time?

    Xacta 360 will save you weeks of time interpreting and implementing the CMMC process. Smaller organizations with few cybersecurity and IA resources will realize a dramatic benefit.

    The application will save you days and perhaps weeks of time (depending on the size of your environment) establishing your IT asset and cloud resource inventory affected by FCI and CUI.

    The document generation process is completely automated. Xacta generates all documents, based on user data inputs. This function also saves weeks of time.

Request a Demo
Let us show you Xacta in action.