Hello Folks, I have a good understanding of the NIST 800-171 Rev 2 implementation, but I'm not sure about other aspects such as auditing, scoping assessments, and writing the System Security Plan (SSP). Could you recommend some good books or resources to help me learn everything about CMMC?

Please note that our company is a small business.