PROTECT CONTROLLED UNCLASSIFIED INFORMATION WITHIN YOUR SUPPLY CHAIN WHILE ACHIEVING COMPLIANCE
The Cybersecurity Maturity Model Certification (CMMC) is the unified framework to be used by the Department of Defense (DoD) for acquisitions involving both prime contractors and subcontractors that provide goods and services to the DoD. In the past, both prime contractors and subcontractors needed to attest to Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 compliance as part of the award process. CMMC differs from DFARS 252.204-7012 by enforcing the requirement before award, or “pre-award.”
WHO NEEDS IT?
Any prime or subcontractor that provides goods or services to the DoD will need to comply with the CMMC for third-party assurance that they are able to protect controlled unclassified information (CUI). There are multiple levels of CMMC certification, and the DoD will inform organizations of the CMMC maturity level they need to achieve in order to be awarded contracts.
The following is a breakdown of the number of practices and processes introduced at each CMMC maturity level based on version 1.02 of the CMMC framework:
WHAT WE DO
Sikich provides organizations with the following suite of services:
One of our CMMC experts conducts a one- to two-day workshop for organizations to discuss CMMC requirements, review the compliance process, and review current organization technical capabilities to meet CMMC requirements. These workshops can be conducted either on site or remotely, based upon the request of the client and current travel logistics.
Sikich CMMC gap analysis engagements are designed to identify gaps within existing security programs and help prepare organizations for certification against CMMC. The deliverable will address an organization’s existing compliance posture in relation to CMMC, provide a detailed review of organizational policies and procedures, and offer a prioritized roadmap with actionable recommendations to meet CMMC compliance requirements.
REMEDIATION AND ADVISORY SERVICES
Following a gap analysis, Sikich assists organizations with remediation activities to prioritize addressing any gaps identified. These activities can include creating policies and procedures, developing a System Security Plan (SSP), and making security architecture recommendations.
CERTIFICATION AND ATTESTATION
Certification against the CMMC is expected to start in the fall of 2020. Once certified as a Certified Third-Party Assessor Organization (C3PAO) by the CMMC Accreditation Body, Sikich will be able to support organizations with certification and accreditation.
PROTECT CUI WITHIN YOUR BUSINESS AND YOUR SUPPLY CHAIN.