CMMC Solutions for Defense Contractors

Compliance with the Cybersecurity Maturity Model Certification (CMMC) program requires DoD contractors to undergo a cybersecurity audit and certification, beginning in 2020/2021. Based on the NIST SP 800-171 controls, CMMC will be a single standard for all DoD contracts. Previous regulations for DoD contractors handling controlled unclassified information (CUI) allowed self-certification of compliance with the applicable NIST 800-171 controls. CMMC instead requires third-party audits and certification to verify that DoD contractors have the appropriate level of security in place.

Assessment & Advisory Services

  • Assess your environment to identify gaps and recommend mitigation steps for needed security controls
  • Provide education on 800-171 and its specific requirements
  • Understand the system(s) and determine where CUI and covered defense information (CDI) are located
  • Finalize the system boundary for 800-171 compliance
  • Walk through the NIST 800-171 Control Requirements Matrix

Rizkly Guided Compliance Solution

  • A service that combines a compliance app with expert advisory to assist your in-house efforts
  • Use Rizkly to manage and track CMMC compliance tasks; it provides one-click creation of audit-ready documentation
  • Determine the status for each requirement, and note any gaps where remediation is needed
  • Perform limited technical testing to validate compliance assertions
  • Develop an initial Plan of Action & Milestones (POA&M)
  • Organize content, customize controls and define a prioritized action plan in Rizkly, a SaaS cloud-based compliance management application

3rd Party CMMC Assessment Services (after certification from the CMMC Accreditation Body in late 2020)

  • Prioritize control gaps to identify those that can be remediated quickly (e.g., within the time allocated for the project)
  • Assist with the implementation/enhancement of prioritized controls
  • Document control activities in the SSP to demonstrate how 800-171 requirements are being met
  • Develop needed documentation (e.g., System Security Plan (SSP), Incident Response Plan (IRP), Policies & Procedures, etc.)
  • Develop a Management Assertion Letter that can be provided to customers/primes when asked
  • Assist with updating the POA&M to reflect any remaining controls that are not implemented or that need to be enhanced
  • Leverage Rizkly to organize policies, track tasks, and demonstrate compliance with auditors and assessors

Act Now

Take the next step to help your company achieve NIST 800-171 compliance in a timely manner. SecureIT wants to help you succeed with a variety of options to get started:

  • Our infographic is a great place to start. It boils down what you need to know about NIST 800-171 (key facts, planning, and tips for success) and takes just a couple of minutes to review. See it here.
  • Click here to get pricing for our NIST 800-171 Express Compliance Package, which we tailor to meet your organization's specific needs. We will pick up the phone and call you to discuss them.
  • Our brief eBook, "5 Tips for NIST 800-171 Success", provides valuable guidance to help government contractors meet the upcoming compliance deadline with minimal disruption to their core business. Download it today.