CMMC
Overview
CMMC is the new Cyber Security certification that is taking the Department of Defense (DoD) by storm. The new mandate requires all Federal contractors, prime and subcontractors, to be validated by a CMMC Accreditation Board (AB) approved Certified Third-Party Assessment Organization (C3PAO). The days of being “self-certified” to NIST 800-171 standards are a thing of the past; now the 300,000+ organizations registered to bid on RFPs for the DoD must become CMMC compliant. There are 5 levels of CMMC certification; the scope of work your organization normally develops proposals for determines the level of compliance you need.
The Office of the Secretary of Defense (OSD) and the CMMC AB have stated that the mandate to become compliant will not change even with the COVID-19 pandemic, so it is important that organizations look to implement immediately. If Defense Contractors wait until the Summer of 2020 to begin implementing changes, they will be putting their enterprise at risk of missing out on upcoming opportunities at the beginning of the 2021 fiscal year. A full CMMC compliance maturity and certification process, if done alone, can take from 6-12 months depending on the level of certification and the current state of the organization’s cyber security compliance.

Why CSS?
CSS is the ultimate partner for your CMMC preparation.
As your partner, we are by your side throughout the entire process. From initial scan to final audit certification, CSS is here to help. Most of our competitors provide an initial scan with recommendations on fix actions and stop there, while we come in as a trusted agent and fix the problems with you. Their approach causes you to involve multiple cyber security analysts to provide round-the-clock monitoring and protection, while forcing you to perform fix actions by yourself. Our proprietary solution was developed with these requirements in mind, and the expert analysts in our Security Operations Center ensure that your network has the 24/7/365 protection and maintenance as required by law. Our market analysis shows that we are one of the most complete and affordable solutions to obtain CMMC certification. Schedule your complimentary network vulnerability scan today to get started!
The DoD is not "BLUFfing"...
so here's the Bottom Line Up Front
With Government agencies and top enterprises spending the necessary funds on their cybersecurity programs and employee training, hackers have shifted their focus to Small and Medium businesses, which have less stringent network security, as their prime targets. The Department of Defense (DoD) has issued the Cybersecurity Maturity Model Certification (CMMC) as an effort to mandate more mature cybersecurity practices, and to apply mandatory audits to ensure companies have successfully implemented requirements. CMMC builds upon DFARS and has five levels of maturity from Basic to Advanced Cyber Hygiene. CMMC certification is the future for the DoD supply chain and will be a requirement in future Requests for Proposals (RFPs) for organizations that wish to conduct business with the DoD.
Tell me more about
Levels 1-5
Now that we know that the DoD is mandating CMMC and there are 5 Levels, let's dig in! CMMC incorporates pre-existing requirements such as NIST SP 800-171, 48 CFR 52.204-21, DFARS clause 252.204-7012, and various other requirements into a single set of unified best practices for cybersecurity. These requirements are laid out across 17 different domains, span certification levels 1-5, and total 171 cybersecurity best practices.
The necessary level of certification depends on the degree of requirements for the contracts your organization seeks. For example, Level 1 is more about being able to show that your organization can perform specified practices and may not rely on documentation, as process maturity is not assessed for Level 1. However, higher levels require that proper processes and procedures are in place. Levels 4-5 take it a step further and require that your organization can protect your Controlled Unclassified Information (CUI) from Advanced Persistent Threats (APTs).


Now that I understand the 5 Levels...
tell me more about the controls.
As mentioned previously, there are 5 different levels of CMMC, from Basic to Advanced Cyber Hygiene, but many people ask questions surrounding the seventeen different Capability Domains. What are they? How do I satisfy each area? Do I really have to go through every domain and requirement for certification?
Each domain has separate requirements that must be met before you can achieve compliance for your desired level of certification. It is important to note that not every company that approaches you offers a solution that meets the full intent of all seventeen controls... spoiler alert: we do! Their approach forces you to manage multiple different vendors to piecemeal a solution to meet CMMC compliance.
Here is a look at the seventeen required controls that we satisfy for our customers:
CSS Turn-Key
Approach
