CMMC Consulting (Cybersecurity Maturity Model Certification)

last changes: July 12th 2021

ECURON offers CMMC Consulting Services that are designed to take you from where you are to full CMMC compliance in the most efficient way.

Every organization starts the CMMC certification process from a different point:
Your organization might be out of compliance and lacking a NIST 800-171 assessment, the resulting score, and the required documentation (SSP & POA&M). Maybe you just need help with the implementation of certain requirements. Or you might have implemented the CMMC requirements and need an independent party to verify your current status with a CMMC Pre-Assessment Readiness Review.

Every organization is different – which is why our CMMC Consulting Services will be customized to your unique situation.

WHAT IS CMMC?

In an effort to simplify the requirements and tighten security for Department of Defense (DoD) contractors, the DoD is in the process of rolling out a new cybersecurity framework standard called the Cybersecurity Maturity Model Certification (CMMC). This new umbrella standard includes requirements from NIST 800-171, the Federal Acquisition Requirements (FAR) document 52.204-21 and beyond. This new standard will replace NIST 800-171 on DoD RFIs and RFPs. It is focused on protecting two sets of information: Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

Unlike with the existing NIST 800-171 requirements, no self-assessments will be accepted. Instead, most organizations that want to do business with the DoD will be required to undergo a certification audit by an authorized auditing entity before bidding on a contract or subcontracting to a prime.

For a brief 3-minute summary of the CMMC for DoD contractors, see our blog post:
CMMC Compliance – A Quick Overview.

CMMC IN MORE DETAIL

The CMMC consists of two factors, each with 5 maturity levels of certification:

The first factor is the processes: whether policies, standards, and procedures exist, with maturity levels ranging from Performed (Level 1) to Optimized (Level 5). The second factor is the practices, a checklist of cybersecurity items that ranges from Basic Cyber Security Hygiene (Level 1) to Advanced/Progressive (Level 5). To meet a specific level's requirements, organizations will be required to meet both the Process and the Practice requirements for that level. Companies that pass this certification process will receive a certificate that is valid for 3 years.

The vast majority of the DoD supply chain will be required to become certified for CMMC Level 1 or 3. For a more detailed description of the 5 different levels and their respective requirements see CMMC Certification Levels.

CMMC TIMELINE

The DoD started rolling out contracts requiring CMMC certification in early 2021. According to the current timeline, all contracts will have a CMMC compliance and certification requirement by the end of 2025.

CMMC CERTIFICATION PROCESS

Here are some rough time estimates and a general overview of the CMMC Certification Process.

HOW WE CAN HELP

Due to our status as a CMMC Registered Provider Organization™ (CMMC-RPO), Ecuron can perform CMMC Consulting for the pre-assessment phases, which include CMMC gap analysis, implementation help, and CMMC pre-assessment. We do not conduct the final Certification Assessments.

Depending on your current cybersecurity status as well as the CMMC Level you are required to achieve, implementation of the new standard will take anywhere from several weeks to a year. Starting now by implementing the requirements and cyber security best practices will save you valuable time and will get you ahead of the curve and competition.

We offer CMMC Consulting Services to get you CMMC compliant in 4 Steps:

  1. CMMC Gap Analysis / CMMC Gap Assessment
    See where your organization stands and what it takes to achieve compliance
  2. CMMC Implementation Help
    Based on the results of the first phase, we will help you close existing gaps by implementing suitable controls and any missing requirements. This includes developing and writing the extensive documentation required.
  3. CMMC Pre-Assessment
    Think of it as a mock audit. We will verify that everything is in place, mature, and can be proven to an auditor. If we find issues, we will help you fix them. Once we are confident that you are ready for the CMMC Assessment, we will recommend scheduling the actual audit.
  4. CMMC Assessment Support
    We help you prepare for the certification audit and gather and organize evidence for a smooth assessment by the C3PAO. We will be at your side throughout the process.

If you would like to speak to our team to discuss your CMMC requirements and schedule a complimentary 30 min consultation, email us at cmmc@ecuron.com or give us a call.
