ORGANIZATIONAL DESIGNATIONS
The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the Department of Defense (DoD) to enhance and ensure the cybersecurity posture of contractors in the Defense Industrial Base (DIB). It is a major shift in cybersecurity regulations that increases cyber hygiene rigor with process and practice requirements, and audits via third-party assessors, known as CMMC Third-Party Assessment Organizations (C3PAOs).
The primary goal of the CMMC is to safeguard sensitive information, such as Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), and control access to critical data, thereby reducing cyber threats and protecting the Defense Supply Chain (DSC).
The Cybersecurity Maturity Model Certification (CMMC) affects organizations and contractors in the Defense Industrial Base (DIB) that handle Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) and wish to bid on or fulfill DoD contracts.
The CMMC applies to both prime contractors and subcontractors at all tiers of the defense supply chain. It is designed to enhance and ensure the cybersecurity posture of prime contractors and subcontractors to protect sensitive information and control access to critical data. Contractors must achieve the appropriate CMMC certification level based on the nature of the information they handle and the contract requirements.
The CMMC requirements are gradually being phased into DoD contracts and will be pivotal to the way DoD suppliers qualify for future contracts. As the program matures, more and more contracts are expected to include CMMC certification as a prerequisite for participation.
CMMC COMPLIANCE
Readiness
Readiness / Gap Assessment
Our experts help defense contractors understand CMMC’s threat-based assessment model and implement required controls to protect sensitive systems, environments, and data.
Assessment
CMMC Level II Compliance
We engage as a third party to evaluate your organization’s operations, security practices, and threat exposure to achieve CMMC certification.
CMMC TRAINING
Certification
CMMC Certifications (CCP / CCA)
As a Licensed Training Partner (LTP), our interactive training programs include details on core regulations and provide a progressive level of knowledge, hands-on training, and exam preparation that aligns with the exam objectives.
Curriculum
Licensed Publishing Partner
Designed with our Training Partners in mind, our comprehensive CMMC curricula and training materials are based on CMMC core regulations and best practices to promote an interactive learning environment.
CMMC Training and Education
Certified CMMC Professional (CCP) Course
The baseline credential and the first step towards becoming a Certified CMMC Assessor (CCA). It prepares you to participate on CMMC assessment teams.
Certified CMMC Assessor (CCA) Course
The certification for anyone who performs CMMC Level 1 and Level 2 Assessments and wishes to become a Lead Assessor.
CMMC Brass Tacks
Educational and informational events, materials, articles, whitepapers, and other communication on CMMC concerns.
CMMC Continuous Compliance
CMMC Documentation
Our pre-built policy and documentation templates ensure rapid integration and adoption within your organization.
Continuous Assurance
We provide continuous awareness of your security posture and the technical solutions required for continuous CMMC compliance.
Level 1
An organization must demonstrate basic cyber hygiene practices, such as ensuring employees change passwords regularly to protect Federal Contract Information (FCI). FCI is “information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government.”
Level 2
An organization must have an institutionalized management plan to implement good cyber hygiene practices to safeguard CUI, including all the NIST 800-171 r2 security requirements and processes.
Level 3
An organization must have standardized and optimized processes in place and additional enhanced practices that detect and respond to changing tactics, techniques and procedures (TTPs) of advanced persistent threats (APTs).