After interviewing a handful of Managed Service Providers (MSP) that could take us through the Cybersecurity Maturity Model Certification (CMMC) journey, it was time to choose one. This was a difficult decision based on there being multiple MSPs that were familiar with CMMC in our area.  

There is a requirement that an MSP must have CMMC themselves. Some of the MSPs that I interviewed understood this and some did not. This was the first thing that narrowed down my list. I was not willing to work with an MSP that was not CMMC compliant themselves. For example, if you want to build a house, you wouldn’t choose a person to build it just because they were familiar with building, but rather you would choose them because they have built a house before and are educated on the building process.

I selected an MSP that could offer more than just CMMC. The team that I chose had experience in the nonprofit and grants space, and could help me take advantage of opportunities available through the state of Wisconsin for woman-owned and minority-owned small businesses. Achieving CMMC comes with a hefty price tag, so I felt it would be helpful to have someone on my team helping me leverage the available opportunities.

Another factor in my selection was this particular MSP had an existing partnership with a securities team that was recommended by the Department of Defense.

After I made my decision, I gathered my management team and explained to them that I had selected an MSP to help us through CMMC, and we were going to be starting right away.

Throughout this CMMC journey, I will continue to share my experiences as a small-business owner and the realities of the CMMC process for STRYKER. If you are also considering this cybersecurity journey, follow along to reap the benefits of what we’ve already come to learn.

-Nicole