cropped-Artboard-1.png

CMMC

Captiva has all of your CMMC needs covered, from compliance and assessments to training and curriculum development. 

Organizational Designations

A significant program developed by the Department of Defense (DoD) to safeguard the defense industrial base (DIB) from increasingly complex cyberattacks is the Cybersecurity Maturity Model Certification (CMMC). It primarily aims to enhance the security of the DIB-shared federal contract information (FCI) and controlled unclassified information (CUI).

By adding a verification component for cybersecurity requirements, CMMC builds on existing trust-based regulations (DFARS 252.204-7012).

The CMMC Framework was developed by the Department of Defense's Office of the Under Secretary of Defense for Acquisition & Sustainment (OUSD(A&S)) in collaboration with stakeholders from the Department of Defense, UARCs, FFRDCs, and industry.

All DoD high- and sub-contractors making plans to bid on destiny contracts with with the CMMC DFARS clause could be required to achieve a CMMC certification previous to settlement award. Some high- and sub-contractors accessing, processing or storing FCI (however now no longer CUI) will minimally require a Level 1 attestation. A DoD settlement will specify which stage of compliance a contractor wishes to meet.

All DIB participants ought to examine the CMMC`s technical necessities now no longer simplest for certification however for long-time period cybersecurity agility. However, DoD acknowledges that many DIB participants are small groups that lack the sources in their larger, high counterparts. As a result, the CMMC Framework consists of cost-powerful and lower priced controls for small groups to enforce on the decrease CMMC levels.

Overall, CMMC is designed to offer DoD extended guarantee that a DIB enterprise can competently defend touchy CUI and FCI, accounting for statistics go with the drift right all the way down to subcontractors in a multi-tier deliver chain.

How We Can help

Readiness / Gap Assessment

Our experts help defense contractors understand CMMC’s threat-based assessment model and implement required controls to protect sensitive systems, environments, and data.

CMMC Level II Compliance

We engage as a third-party to evaluate your organization's operations, security practices, and threat exposure to achieve CMMC certification.

CMMC Certifications (CCP / CCA)

As a Licensed Training Partner (LTP), our interactive training programs include details on core regulations and provide a progressive level of knowledge, hands-on training, and exam preparation that aligns with the exam objectives.

CMMC Certifications (CCP / CCA)

As a Licensed Training Partner (LTP), our interactive training programs include details on core regulations and provide a progressive level of knowledge, hands-on training, and exam preparation that aligns with the exam objectives.

CMMC COMPLIANCE

Readiness

Readiness / Gap Assessment

Our experts help defense contractors understand CMMC’s threat-based assessment model and implement required controls to protect sensitive systems, environments, and data. 

Assessment

CMMC Level II Compliance

We engage as a third-party to evaluate your organization's operations, security practices, and threat exposure to achieve CMMC certification.

CMMC TRAINING

Certification

CMMC Certifications (CCP / CCA)

As a Licensed Training Partner (LTP), our interactive training programs include details on core regulations and provide a progressive level of knowledge, hands-on training, and exam preparation that aligns with the exam objectives.

Curriculum

Licensed Publishing Partner

Designed with our Training Partners in mind, our comprehensive CMMC curricula and training materials are based on CMMC core regulations and best practices to promote an interactive learning environment. 

CMMC Training and Education

Certified CMMC Professional (CCP) Course

The baseline credential and the first step towards becoming a Certified CMMC Assessor (CCA). It prepares you to participate on CMMC assessment teams.

Certified CMMC Assessor (CCA) Course

The certification for anyone that performs CMMC Level 1 and Level 2 Assessments and wishes to become a Lead Assessor.

CMMC Brass Tacks

Educational and informational events, materials, articles, whitepapers, and other communication on CMMC concerns. 

CMMC Gap Analysis and Assessment

CMMC Documentation​

Our pre-built policy and documentation templates ensure rapid integration and adoption within your organization.

Continuous Assurance​

We provide continuous awareness of your security posture and the technical solutions required for continuous CMMC compliance.​

CMMC FRAMEWORK LEVELS

Level 1

Level 1 
An organization must demonstrate basic cyber hygiene practices, such as ensuring employees change passwords regularly to protect Federal Contract Information (FCI). FCI is "information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government."

Level 2

Level 2 
An organization must have an institutionalized management plan to implement good cyber hygiene practices to safeguard CUI, including all the NIST 800-171 r2 security requirements and processes.

Level 3

Level 3 
Expert. An organization must have standardized and optimized processes in place and additional enhanced practices that detect and respond to changing tactics, techniques and procedures (TTPs) of advanced persistent threats (APTs). An APT is as an adversary that possesses sophisticated levels of cyber expertise and significant resources to conduct attacks from multiple vectors. Capabilities include having resources to monitor, scan, and process data forensics.

Connect with us to learn more

Nullam quis risus eget urna mollis ornare vel eu leo. Aenean lacinia bibendum nulla sed 

Level 1

An organization must demonstrate basic cyber hygiene practices, such as ensuring employees change passwords regularly to protect Federal Contract Information (FCI). FCI is “information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government.

Level 2

An organization must have an institutionalized management plan to implement good cyber hygiene practices to safeguard CUI, including all the NIST 800-171 r2 security requirements and processes

Level 3 – Expert.

An organization must have standardized and optimized processes in place and additional enhanced practices that detect and respond to changing tactics, techniques and procedures (TTPs) of advanced persistent threats (APTs).

An APT is an adversary that possesses sophisticated levels of cyber expertise and significant resources to conduct attacks from multiple vectors. Capabilities include having resources to monitor, scan, and process data forensics.