OVERLAND PARK, Kansas, February 7, 2024 — Today Onspring, the no-code SaaS GRC automation software, launched its new CMMC Management product that simplifies and centralizes the data collection, testing, and reporting processes for organizations requiring certification for the Department of Defense’s (DoD) CMMC 2.0 framework.
These organizations are currently managing hundreds of data points across numerous spreadsheets and teams to track their compliance with CMMC 2.0 in order to secure government contracts with the DoD. This tedious and cumbersome manual effort is costing organizations time and money with data collection and identified findings that go unresolved or unreported.
Onspring CMMC Management software is estimated to generate 70% savings in time by automating the control testing and POA&M processes, plus providing real-time reporting of compliance against each of the three CMMC levels.
“While the CMMC 2.0 revision provides an improved framework for safeguarding sensitive national security information and helps simplify compliance, it’s difficult for organizations to achieve certification and time-consuming to implement and maintain compliance,” said Brett Sommers, Director of Product at Onspring. “Our CMMC Management product helps organizations achieve certification readiness and automatically generate CMMC 2.0 reports that improve the overall communication and management process.”
Onspring makes it easy for managers across all CMMC roles and responsibilities to streamline the certification process – from control owners and testers to finding owners managing the POA&M process to executives viewing overall CMMC compliance status.
CMMC Management product features:
- Control libraries directly mapped to risks, policies, regulations, and standards, including NIST SP 800-171 and NIST SP 800-172 frameworks
- Automatic scoping of controls and control objectives by CMMC level for assessments
- Tracks identified deficiencies and related mitigation procedures through the POA&M process
- Automatic generation of CMMC reports with the ability to filter data on the fly by assessment, date, and more or export to stakeholders
- Dynamically calculates the organization’s Supplier Performance Risk System (SPRS) Score based on compliant controls
- Available in a FedRAMP moderate environment