As a cybersecurity consulting company and an Authorized C3PAO that has worked with many small and medium defense contractors in the Defense Industrial Base, KNC are experts in Governance, Risk, and Compliance. We are now offering our documents for use by Organizations Seeking Certification under the Cybersecurity Maturity Model Certification (CMMC) program. We also make our entire library available at no cost to any client that engages us to prepare for a CMMC assessment.

KNC CMMC Documentation Package

NIST 800-171 and CMMC

Policies, Plans, Procedures, and Forms

  • Developed by KNC, used by KNC, and our clients

  • Created specifically for compliance with NIST 800-171 and CMMC

  • Used by KNC for our DIBCAC C3PAO Assessment

  • Comprehensive, Complete, and Customizable

Policies and Procedures

 

Policies
Acceptable Use Policy
Acceptable Use Policy - User Agreement
Access Control Policy
Audit and Accountability Policy
Awareness and Training Policy
Configuration Management Policy
Identification and Authentication Policy
Incident Response Policy
Maintenance Policy
Media Protection Policy
Personnel Security Policy
Physical Protection Policy
Privileged User Agreement
Risk Assessment Policy
Security Assessment Policy
System and Information Integrity Policy
Systems and Communications Policy

Procedures
Acceptable Use Policy Violations SOP
Audit Log Management SOP
Baseline Configurations SOP
Cryptographic Key Management and Encryption SOP
ESP Quarterly Reviews SOP
Incident Response and Alerts SOP
Maintenance SOP
Media Destruction SOP
Ongoing Tasks SOP
Personnel Changes SOP
Processes for Safeguarding CUI SOP
Publicly Accessible Content SOP
Risk Assessment SOP
Security Awareness and Training SOP
Security Functions SOP
System Hardening SOP
Table Top Exercises SOP
Termination Checklist SOP
Threat Intelligence SOP
Windows Logon Banner SOP

Plans and Forms

 

Plans
System Security Plan
Access Control Plan
Audit and Accountability Plan
Awareness and Training Plan
Configuration Management Plan 
Identification and Authentication Plan
Incident Response Plan
Maintenance Plan
Media Protection Plan
Personnel Security Plan
Physical Protection Plan
Plan of Action and Milestones
Privileged User Agreement
Risk Assessment Plan
Security Assessment Plan
System and Information Integrity Plan
Systems and Communications Plan

Forms

Assessment Scope and Boundary Diagram
Business Risk Assessment
CCB Change Log
CCB Meeting Report
Control Definitions
Data Flow Diagram
DIB Incident Collection Form
Incident Report Form
Incident Report Team Quarterly Report Form
Network Diagram
Ongoing Tasks Tracking Log
Quarterly Incident Report Table Top Exercise Form
RACI Matrix
Risk Register
Tabletop Exercise Feedback Form
Users and Roles
IT Component Change Log
CUI Inventory
Duties and Responsibilities Contact List
Hardware Inventory
Software Baseline
External Connections
Interconnections Matrix