CMMC Preparation & Audit
What is CMMC?
Cybersecurity Maturity Model Certification (CMMC) represents the newest standard of cybersecurity defense to which every organization should adhere for basic levels of cyber threat avoidance. Starting in late 2020, all contractors and subcontractors will be required to be certified by a third-party auditor in order to provide services to the Department of Defense (DoD). It is anticipated that non-DoD agencies are likely to adopt this same model for certification as well.
What Does CMMC Cover?
CMMC is a tiered certification program, where each contract will include a tier level appropriate for the work that will take place. Some tiers are more comprehensive than others, with the lower tiers being less demanding than the higher tiers. All tiers maintain the goal of keeping your organization and the DoD safe from nefarious cyber elements. The big difference in this program is that now contractors and subcontractors must prove their adherence to the requirements. No longer is self-certification sufficient.
Want to learn more about which tier you fall under? We can help.
Hygiene (17 Practices)
Adherence to safeguarding requirements specified in FAR 52.204-21
Tier places emphasis on adopting basic cyber hygiene practices
Tier 2: Intermediate Cyber Hygiene (72 Practices)
Documentation of standard operating procedures (SOPs), policies and plans
Tier places emphasis on adopting cyber processes
Tier 3: Good Cyber Hygiene (130 Practices)
Compliance with all NIST SP 800-171 requirements
Threat escalation procedures
Activity review to show adherence to SOPs, policies and plans
Tier places emphasis on managing the practices and processes
Tier 4: Proactive
Compliance with additional FAR and NIST regulations
Able to address attacks from Advanced Persistent Threats (APTs)
SOPs, processes and plans are regularly reviewed and adhered to for an ever-changing threat environment
Tier places emphasis on the review and evolution of processes for a changing environment
Tier 5: Progressive
Responsive and adaptive activities against APTs across the entire organization
Tier places emphasis on optimizing activities
*Not All Inclusive
How Can USG1 Help?
As contractors ourselves, our immediate reaction to the CMMC program was: how are small to medium-sized companies that are not in the technology space going to navigate this? We immediately thought, "We can help!" and are in an ideal position to do so. We have been in your shoes and we know how important it is to go into the certification audit worry-free and confident that you can pass.
USG1 is here to help you understand the program, no matter where you are starting in your level of cybersecurity knowledge
We will perform a Gap/Fit of your environment to the various tier levels
Create a road map for you to be compliant and stay compliant
We will continue to help navigate the ever-changing cyber threat tactics so that you can stay ahead of any attacks
Additionally, we will train you and your staff on how to avoid cyberscams and threats directed at your organization. We offer in-person and remote web training options.