​​​​CMMC Consulting (Cybersecurity Maturity Model Certification)

Join our CMMC Notification List for any CMMC consulting service related updates. We will alert you once the new Standard is finalized.

WHAT IS CMMC?

In an effort to simplify the requirements for Department of Defense (DOD) contractors, the DOD is in the process of finalizing a new cybersecurity framework standard called the Cybersecurity Maturity Model Certification (CMMC). This new umbrella standard will include requirements from NIST 800-171, the Federal Acquisition Requirements (FAR) document 52.204-21 and beyond. This new standard will replace NIST 800-171 on DoD RFIs and RFPs. Most organizations that do business with the DOD will be required to undergo an audit by an authorized auditing entity before bidding on a contract or subcontracting to a prime.

Here is quick 3 minute summary of the CMMC for DOD contractors: CMMC Compliance – A Quick Overview.

CMMC IN MORE DETAIL

The CMMC will consist of two factors, each with 5 maturity levels of certification:

The first factor is the processes, things such as whether policies, standards, and procedures exist and ranging in maturity levels from Performed (Level 1) to Optimized (Level 5). The second factor is the practices, which is a checklist of cybersecurity items that range from Basic Cyber Security Hygiene (Level 1) to Advanced/Progressive (Lvl 5). In order to meet a specific level’s requirements, organizations will be required to meet both, Process and Practice requirements for that level. Companies who pass this certification process will receive a certificate that is valid for 3 years.

For a more detailed description of the 5 different levels and their respective requirements see CMMC Certification Levels.
CMMC certification levels and requirements - preliminary

CMMC TIMELINE

The final deadline for when all contracts will require CMMC certification is not yet known. However, the DoD has previously indicated that they will start rolling out contracts requiring CMMC certification as early as September 2020.

HOW WE CAN HELP

While CMMC guidelines are not finalized yet, we are able to help with our CMMC Gap Analysis and CMMC Consulting Service to start with CMMC focused implementation now. The latest CMMC draft is already very comprehensive and includes many requirements of NIST 800-171.  Depending on your current cybersecurity status as well as the CMMC Level you are required to achieve, implementation of the new standard will take several months. Starting now by implementing the likely requirements and cyber security best practices will save you valuable time and will get you ahead of the curve and competition.

Once the final CMMC standard is released,  we will help you make final adjustments and implementations. After an internal audit to ensure compliance,  you are ready for the certification audit.

We offer the following CMMC Services:

Join our CMMC Notification List for any CMMC consulting service related updates. We will alert you once the new Standard is finalized.

 

Join Our CMMC Notification List

Sign up below and we will notify you when the Standard is finalized as well as notify you of any CMMC service updates.

DOWNLOAD OUR
PUBLICATIONS

We’d Love to Talk About Your Cybersecurity Strategy.

- ​None of the information you provide in the form below will be used for marketing purposes -