Cybersecurity Maturity Model Certification (CMMC)

PROTECT CONTROLLED UNCLASSIFIED INFORMATION WITHIN YOUR SUPPLY CHAIN WHILE ACHIEVING COMPLIANCE

The Cybersecurity Maturity Model Certification (CMMC) is the unified framework to be used by the Department of Defense (DoD) for acquisitions involving both prime contractors and subcontractors that provide goods and services to the DoD. In the past, both prime contractors and subcontractors needed to attest to Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 compliance as part of the award process. CMMC differs from DFARS 252.204-7012 by imposing the requirement before award, or "pre-award."

WHO NEEDS IT?

Any prime or subcontractor that provides goods or services to the DoD will need to comply with the CMMC for third-party assurance that they are able to protect controlled unclassified information (CUI). There are multiple levels of CMMC certification, and the DoD will inform organizations of the CMMC maturity level they need to achieve in order to be awarded contracts.

The following is a breakdown of the number of practices and processes introduced at each CMMC maturity level based on version 1.02 of the CMMC framework:

WHAT WE DO

Sikich provides organizations with the following suite of services:

CMMC WORKSHOP

One of our CMMC experts conducts a one- to two-day workshop for organizations to discuss CMMC requirements, review the compliance process, and review current organization technical capabilities to meet CMMC requirements. These workshops can be conducted either on site or remotely, based upon the request of the client and current travel logistics.

GAP ANALYSIS

Sikich CMMC gap analysis engagements are designed to identify gaps within existing security programs and help prepare organizations for certification against CMMC. The deliverable will address an organization’s existing compliance posture in relation to CMMC, provide a detailed review of organizational policies and procedures, and offer a prioritized roadmap with actionable recommendations to meet CMMC compliance requirements.

REMEDIATION AND ADVISORY SERVICES

Following a gap analysis, Sikich assists organizations with remediation activities to prioritize addressing any gaps identified. These activities can include creating policies and procedures, developing a System Security Plan (SSP), and making security architecture recommendations.

CERTIFICATION AND ATTESTATION

Certification against the CMMC is expected to start in the fall of 2020. Once certified as a Certified Third-Party Assessor Organization (C3PAO) by the CMMC Accreditation Body, Sikich will be able to support organizations with certification and accreditation.

PROTECT CUI WITHIN YOUR BUSINESS AND YOUR SUPPLY CHAIN.

All it takes is your name and phone number or email address to learn more about our services and expertise. If you’d like, you’ll also be able to send additional details after you submit your information here. 
