CMMC Compliance Advisory


Compliance with the Cybersecurity Maturity Model Certification (CMMC) program requires DoD contractors to undergo cybersecurity audit and certification, beginning in 2020/2021. Based on NIST 800-171 controls, the CMMC will be a single standard for all DoD contracts. Previous regulations for DoD contractors handling controlled unclassified information (CUI) allowed for self-certification of compliance with appropriate NIST 800-171 controls. CMMC requires third-party audits and certification to ensure that DoD contractors have appropriate levels of security in place.

SecureIT’s CMMC compliance advisory services are specially designed to help defense contractors implement the required controls for protecting sensitive systems and information. Here’s a brief overview:


Kick-Off, Education, & Assessment

  • Provide education on CMMC and its specific requirements
  • Understand the system(s) and determine where sensitive information is stored and appropriate boundaries
  • Walk through the CMMC Control Requirements Matrix
  • Determine the status for each requirement, and note any gaps where remediation is needed
  • Perform limited technical testing to validate compliance assertions
  • Develop initial Plan of Action & Milestones (POA&M)
  • Deliver presentation on current state of readiness and recommended path forward


Remediation & Compliance Program Management  

  • Prioritize control gaps to identify those that can be remediated quickly (e.g., within the time allocated for the project)
  • Assist with the implementation/enhancement of prioritized controls
  • Document control activities on the SSP to demonstrate how CMMC requirements are being met
  • Develop needed documentation (e.g., System Security Plan (SSP), Incident Response Plan (IRP), Policies & Procedures)
  • Develop Management Assertion Letter that can be provided to customers/primes when asked
  • Assist with updating the POA&M to reflect any remaining controls that are not implemented or that need to be enhanced
  • Design a program to ensure ongoing CMMC compliance (continuous monitoring) using Rizkly, an efficient and effective service for simplifying compliance management


Start Planning Now

Take the next step to help your company achieve CMMC compliance before the deadline.  SecureIT wants to help you succeed with a variety of options to get started:

  • Click here to get pricing for our CMMC compliance services that we tailor to meet your organization’s specific needs.  We will pick up the phone and call you to discuss your specific needs.
  • Our NIST 800-171 infographic is a great place to start.  It boils down key facts, planning, and tips for success and just takes a couple minutes to review.  See it here.
  • Our brief eBook, “5 Tips for NIST 800-171 Success”, provides valuable guidance to help government contractors meet the upcoming compliance deadline with minimal disruption to their core business. Download it today.