CMMC Compliance Services
Overview of CMMC
There are 5 levels of CMMC certification; the scope of work your organization normally develops proposals for determines the level of compliance you need. If done alone, a full CMMC compliance maturity and certification process can take from 6-12 months, depending on the level of certification and the current state of the organization’s cybersecurity compliance.
The DoD Is Not “BLUFfing”…
…So Here’s The Bottom Line Up Front
The Department of Defense (DoD) has issued the Cybersecurity Maturity Model Certification (CMMC) as an effort to mandate more mature cybersecurity practices, and to apply mandatory assessments to ensure companies have successfully implemented requirements.
CMMC builds upon DFARS and has five levels of maturity from Basic to Advanced Cyber Hygiene. CMMC certification is the future for the DoD supply chain and will be a requirement in future Requests for Proposals (RFPs) for organizations that wish to conduct business with the DoD.
Tell Me More About Levels 1-5
The necessary level of certification depends on the degree of requirements for the contracts your organization seeks. For example, Level 1 is more about being able to show that your organization can perform specified practices and may not rely on documentation, as process maturity is not assessed for Level 1. However, higher levels require that proper processes and procedures are in place. Levels 4-5 take it a step further and require that your organization can protect your Controlled Unclassified Information (CUI) from Advanced Persistent Threats (APTs).
Now That I Understand The 5 Levels…
Tell Me More About The 17 Domain Controls.
Each domain has separate requirements that must be met before you can achieve compliance for your desired level of certification. It is important to note that not every company that approaches your company offers a solution that meets the full intent of all seventeen controls… spoiler alert: we do! A partial approach forces you to manage multiple different vendors to piece together a solution to meet CMMC compliance.
Here is a look at the seventeen required controls that we satisfy for our customers:
The 17 Domain Controls
Access Control (AC)
Incident Response (IR)
Risk Management (RM)
Asset Management (AM)
Security Assessment (CA)
Awareness & Training (AT)
Media Protection (MP)
Situational Awareness (SA)
Audit & Accountability (AU)
Personnel Security (PS)
System & Communications Protection (SC)
Configuration Management (CM)
Physical Protection (PE)
System & Information Integrity (SI)
Identification & Authentication (IA)
“We want companies to define their own destiny,
we want small businesses to build into maturity,
and we want them to continue to grow.”