Cybersecurity Maturity Model Certification (CMMC) is aligned with the DoD’s information security requirements for DIB partners. CMMC’s framework enforces the protection of sensitive controlled unclassified information (CUI) or non-federal data that is shared between DoD & it’s contractors & subcontractors.
CMMC 2.0 has 3 main objectives:
- Tiered Model: CMMC requires that companies entrusted with national security information implement cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the information. The program also sets forward the process for requiring protection of information that is flowed down to subcontractors.
- Assessment Requirement: CMMC assessments allow the Department to verify the implementation of clear cybersecurity standards.
- Implementation through Contracts: Once CMMC is fully implemented, certain DoD contractors that handle sensitive unclassified DoD information will be required to achieve a particular CMMC level as a condition of contract award.
Our Process
- Scope & Roadmap (in as little as 30 minutes!)
- Risk Assessment & Gap Analysis
- Policy & Governance
- Technology & Process Implementation
- Evidence Collection & Reporting
- Internal Audit (External Audit not required)
- Continuous Maintenance & Monitoring
- Annual Evidence Collection & Compliance Review
Industries
- Manufacturing
- Construction
- Real Estate
- Architecture & Design
- Consulting Services
- Software & Technology
Looking to contract with the DoD?