CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC) READINESS

Ensure you’re prepared to address the new age of information security for the defense industrial base.

Align with CMMC Requirements

The U.S. Department of Defense (DoD) has released the Cybersecurity Maturity Model Certification (CMMC) in a move to strengthen an earlier standard known as the Defense Federal Acquisition Regulation Supplement (DFARS) and to address the growing information security concerns across its supporting contractor ecosystem.

CMMC is built on National Institute of Standards and Technology (NIST) Special Publications 800-171 and 800-172. DoD contractors with Federal Contract Information and Confidential Unclassified Information (including prime contractors and their subcontractors) must align with the applicable controls, demonstrate their effectiveness, and (in some cases) be assessed and certified by an independent third party. Once CMMC is fully rolled out by the DoD, certification will be required to win DoD contracts.

With our CMMC readiness assessment and advisory services, we can help you:

  • Determine your in-scope environment
  • Identify applicable required controls based on CMMC Level and the type of data processed 
  • Carry out remediation activities necessary to obtain a CMMC certification

GuidePoint is a CMMC Registered Provider Organization (RPO).

Navigating CMMC Requirements

CMMC establishes three certification levels, with each requiring a set of controls to be fully implemented and maintained:

  • Level 1 – Fifteen selected requirements from the Federal Acquisition Regulation (FAR) 52.204-21, specific to Federal Contract Information (FCI)
  • Level 2 – 110 requirements from the Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 (NIST SP 800-171)
  • Level 3 – All Level 2 requirements plus 24 selected requirements from NIST SP 800-172, with DoD-defined parameters

Immediate Steps to Address CMMC

  • Find the Data – For example, do you have FCI or CUI, or access to either? If so, where and why?
  • Define the Scope – Who and what has access to the FCI/CUI you hold? Can it be eliminated or the scope reduced?
  • Assess the Environment – How do you stack up against CMMC Level 1 (if you only have FCI) or Level 2 (if you have CUI)?
  • Close the Gaps – What do you have to do to achieve and maintain your required CMMC Level?

CMMC Assessment Service

Leverage our team’s operational and consultative experience to help you reach the certification level needed to conduct your business. A CMMC Assessment engagement follows a standardized and proven methodology that provides you with:

  • Visibility of areas to address in order to prepare for CMMC certification, regardless of level
  • A comprehensive report that provides you with your current CMMC compliance status as well as recommendations for implementing and maintaining the required CMMC practices and processes

Completion of our CMMC Assessment Service will additionally help you determine how to allocate resources to protect the confidentiality, integrity, and availability of CUI.

CMMC Advisory Service

If a formal, holistic assessment isn’t required, but you need to address a specific CMMC requirement, our consultants can become on-demand extensions of your team to provide you with the necessary insights to address a particular challenge.

Our CMMC Advisory Service provides consultation as needed to ensure your scoping strategies, control execution, technical solutions, and remediation activities meet the intent and rigor of the CMMC requirements.

Put an ELITE Highly-Trained Team on Your Side

More than 70% of our workforce consists of tenured cybersecurity engineers, architects and consultants.