CMMC Pre-Assessment Pitfalls

Preparing for CMMC compliance is a complex process, and organizations often fall into common pre-assessment pitfalls that can derail their certification efforts. This infographic highlights ten critical missteps and provides actionable fixes to avoid them.

Key Pitfalls & Fixes

Key Pitfalls & Fixes

Poor Scoping & CUI Boundary Analysis – Ensure proper boundary analysis to align with CMMC requirements.
Underestimating Resources – Train internal teams and develop a realistic compliance plan.
Weak Documentation – Strengthen System Security Plans (SSP) to support compliance.
Failing to Engage CMMC Experts – Work with certified professionals for guidance.
Ignoring Change Management – Integrate change management into compliance strategy.
Overconfidence in Security Posture – Conduct pre-assessments to identify and address gaps.
Poor Documentation Management – Maintain a centralized, audit-ready compliance repository.
Overlooking Third-Party Risks – Assess vendor security and define responsibilities.
Lack of Leadership Support – Engage leadership for commitment to CMMC readiness.
Rushing the Process – Follow a structured, phased approach to ensure success.

For a deeper dive into these challenges and how to mitigate them, read the full article: CMMC Pre-Assessment Pitfalls and How to Avoid Them

Protect the mission. Achieve CMMC compliance with a strategic, well-prepared approach. Talk to an expert to learn how Coalfire Federal can help.

Download the PDF Version

Download Here

Related Links

Download PDF
CMMC Pre-Assessment Pitfalls and How to Avoid Them
Mock Assessments - Your Secret Weapon to CMMC Success
CMMC Assessments Solution

Share this story

CMMC
Support Services

This website uses cookies

We use cookies to personalize content and ads, and to analyze our traffic and improve our service.

Necessary (Required)

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Name: CraftSessionId

Description: Craft relies on PHP sessions to maintain sessions across web requests. That is done via the PHP session cookie. Craft names that cookie “CraftSessionId” by default, but it can be renamed via the phpSessionId config setting. This cookie will expire as soon as the session expires.

Provider: this site

Expiry: Session

Name: *_identity

Description: When you log into the Control Panel, you will get an authentication cookie used to maintain your authenticated state. The cookie name is prefixed with a long, randomly generated string, followed by _identity. The cookie only stores information necessary to maintain a secure, authenticated session and will only exist for as long as the user is authenticated in Craft.

Provider: this site

Expiry: Persistent

Name: *_username

Description: If you check the "Keep me logged in" option during login, this cookie is used to remember the username for your next authentication.

Provider: this site

Expiry: Persistent

Name: CRAFT_CSRF_TOKEN

Description: Protects us and you as a user against Cross-Site Request Forgery attacks.

Provider: this site

Expiry: Session

Name: _grecaptcha

Description: We use Google reCAPTCHA for spam prevention.

Provider: Google

Expiry: 6 months

Name: __hssc

Description: Store anonymized statistics.

Provider: Hubspot

Expiry: 30 minutes

Name: hs-messages-hide-welcome-message

Description: Store if a message has been shown.

Provider: Hubspot

Expiry: 1 day

Name: __hs_cookie_cat_pref

Description: Store cookie consent preferences.

Provider: Hubspot

Expiry: 6 months

Name: *_key

Description: Store logged in users.

Provider: Hubspot

Expiry: 2 weeks

Name: hs_ab_test

Description: Store ID's of experiments and sessions for A/B testing.

Provider: Hubspot

Expiry: Session

Name: __hs_do_not_track

Description: Store 'do not track' signals.

Provider: Hubspot

Expiry: 6 months

Name: VISITOR_INFO1_LIVE

Description: Provide bandwidth estimations.

Provider: YouTube

Expiry: 6 months

Name: LiveChat

Description: Store a unique user ID.

Provider: LiveChat

Expiry: 2 years

Name: sdsc

Description:

Provider: LinkedIn

Expiry: Session

Name: li_gc

Description: Store cookie consent preferences.

Provider: LinkedIn

Expiry: 6 months

Name: BizographicsOptOut

Description: Store privacy preferences.

Provider: LinkedIn

Expiry: 10 years

Statistics

Statistic cookies help us understand how visitors interact with websites by collecting and reporting information anonymously.

Name: __hssrc

Description: Store a unique session ID.

Provider: Hubspot

Expiry: Session

Name: _ga

Description: Store and count pageviews.

Provider: Google Analytics

Expiry: 2 years

Name: _gid

Description: Store and count pageviews.

Provider: Google Analytics

Expiry: 1 day

Name: _ga_*

Description: Store and count pageviews.

Provider: Google Analytics

Expiry: 1 year

Name: _gat

Description: Read and filter requests from bots.

Provider: Google Analytics

Expiry: 1 minute

Name: lms_analytics

Description: Store and track a visitor's identity.

Provider: LinkedIn

Expiry: 30 days

Name: AnalyticsSyncHistory

Description: Store and track visits across websites.

Provider: LinkedIn

Expiry: 30 days

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Name: rc::c

Description: Read and filter requests from bots.

Provider: Google reCAPTCHA

Expiry: Session

Name: rc::b

Description: Read and filter requests from bots.

Provider: Google reCAPTCHA

Expiry: Session

Name: rc::a

Description: Read and filter requests from bots.

Provider: Google reCAPTCHA

Expiry: Persistent

Name: hubspotutk

Description: Store and track a visitor's identity.

Provider: Hubspot

Expiry: 13 months

Name: __hstc

Description: Store time of visit.

Provider: Hubspot

Expiry: 13 months

Name: _gcl_au

Description: Store and track conversions.

Provider: Google Adsense

Expiry: Persistent

Name: google_adsense_settings

Description: Provide ad delivery or retargeting.

Provider: Google Adsense

Expiry: Persistent

Name: GPS

Description: Store location data.

Provider: YouTube

Expiry: Session

Name: YSC

Description: Store and track interaction.

Provider: YouTube

Expiry: Session

Name: PREF

Description: Store user preferences.

Provider: YouTube

Expiry: 8 months

Name: __lc_cst

Description: Store and track a visitor's identity.

Provider: LiveChat

Expiry: 2 years

Name: __lc_cid

Description: Store and track a visitor's identity.

Provider: LiveChat

Expiry: 2 years

Name: lms_ads

Description: Store and track visits across websites.

Provider: LinkedIn

Expiry: 30 days

Name: _guid

Description: Store and track a visitor's identity.

Provider: LinkedIn

Expiry: 90 days

Name: li-oatml

Description: Provide ad delivery or retargeting.

Provider: LinkedIn

Expiry: 1 month

Name: li_sugr

Description: Store and track a visitor's identity.

Provider: LinkedIn

Expiry: 90 days

Name: UserMatchHistory

Description: Provide ad delivery or retargeting.

Provider: LinkedIn

Expiry: 30 days

Preferences

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Name: li_alerts

Description: Store if a message has been shown.

Provider: LinkedIn

Expiry: 1 year

Name: bcookie

Description: Store browser details.

Provider: LinkedIn

Expiry: 1 year

Name: lidc

Description: Provide load balancing functionality.

Provider: LinkedIn

Expiry: 1 day

Name: bscookie

Description: Store logged in users.

Provider: LinkedIn

Expiry: 1 year

Unclassified

Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies. Purpose and Expiration Pending Investigation.

Name: __fx

Description:

Provider:

Expiry:

Name: li_ignored

Description:

Provider:

Expiry:

Name: hu-session

Description:

Provider:

Expiry:

Name: mf_*

Description:

Provider:

Expiry:

Name: In_or

Description:

Provider:

Expiry:

Name: hu-consent

Description:

Provider:

Expiry:

Name: fx_referrer

Description:

Provider:

Expiry:

Name: fx_info

Description:

Provider:

Expiry:

Name: acsbReset

Description:

Provider:

Expiry:

Name: __cf_bm

Description:

Provider:

Expiry:

Name: ziwsSessionId

Description:

Provider:

Expiry:

Name: wistia

Description:

Provider:

Expiry:

Name: ziwsSession

Description:

Provider:

Expiry:

Name: WI_FREQUENCY_145638528689

Description:

Provider:

Expiry:

Name: li_adsId

Description:

Provider:

Expiry:

Name: wistia-video-progress-j042jylrre

Description:

Provider:

Expiry:

Name: persist:hs-beacon-44cc73fb-7636-4206-b115-c7b33823551b

Description:

Provider:

Expiry:

Name: wistia-video-progress-z1qxl7s2zn

Description:

Provider:

Expiry:

Name: wistia-video-progress-fj42vucf99

Description:

Provider:

Expiry:

Name: wistia-video-progress-7seqacq2ol

Description:

Provider:

Expiry:

Name: persist:hs-beacon-message-44cc73fb-7636-4206-b115-c7b33823551b

Description:

Provider:

Expiry:

Name: guru_i18n

Description:

Provider:

Expiry:

Name: __anon_id

Description:

Provider:

Expiry:

Name: wfwaf-authcookie-5c0325aab15cead0bb5ce69d9d04b30b

Description:

Provider:

Expiry:

Details Hide Details