CMMC

Captiva has all of your CMMC needs covered, from consulting and assessments to publishing and training.

ORGANIZATIONAL DESIGNATIONS

The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the Department of Defense (DoD) to enhance and ensure the cybersecurity posture of contractors in the Defense Industrial Base (DIB). It is a major shift in cybersecurity regulations that increases cyber hygiene rigor with process and practice requirements, and audits via third-party assessors, known as CMMC Third-Party Assessment Organizations (C3PAOs).

The primary goal of the CMMC is to safeguard sensitive information, such as Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), and control access to critical data, thereby reducing cyber threats and protecting the Defense Supply Chain (DSC).

The Cybersecurity Maturity Model Certification (CMMC) affects organizations and contractors in the Defense Industrial Base (DIB) that handle Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) and wish to bid on or fulfill DoD contracts.

The CMMC applies to both prime contractors and subcontractors at all tiers of the defense supply chain. It is designed to enhance and ensure the cybersecurity posture of prime contractors and subcontractors to protect sensitive information and control access to critical data. Contractors must achieve the appropriate CMMC certification level based on the nature of the information they handle and the contract requirements.

The CMMC requirements are gradually being phased into DoD contracts and will be pivotal to the way DoD suppliers qualify for future contracts. As the program matures, more and more contracts are expected to include CMMC certification as a prerequisite for participation.

HOW WE CAN HELP

CMMC COMPLIANCE

Readiness

Readiness / Gap Assessment

Our experts help defense contractors understand CMMC’s threat-based assessment model and implement required controls to protect sensitive systems, environments, and data.

Assessment

CMMC Level II Compliance

We engage as a third party to evaluate your organization’s operations, security practices, and threat exposure to achieve CMMC certification.

CMMC TRAINING

Certification

CMMC Certifications (CCP / CCA)

As a Licensed Training Partner (LTP), our interactive training programs include details on core regulations and provide a progressive level of knowledge, hands-on training, and exam preparation that aligns with the exam objectives.

Curriculum

Licensed Publishing Partner

Designed with our Training Partners in mind, our comprehensive CMMC curricula and training materials are based on CMMC core regulations and best practices to promote an interactive learning environment.

CMMC Training and Education

Certified CMMC Professional (CCP) Course

The baseline credential and the first step towards becoming a Certified CMMC Assessor (CCA). It prepares you to participate on CMMC assessment teams.

Certified CMMC Assessor (CCA) Course

The certification for anyone who performs CMMC Level 1 and Level 2 Assessments and wishes to become a Lead Assessor.

CMMC Brass Tacks

Educational and informational events, materials, articles, whitepapers, and other communication on CMMC concerns.

CMMC Continuous Compliance

CMMC Documentation

Our pre-built policy and documentation templates ensure rapid integration and adoption within your organization.

Continuous Assurance

We provide continuous awareness of your security posture and the technical solutions required for continuous CMMC compliance.

CMMC FRAMEWORK LEVELS

Level 1

An organization must demonstrate basic cyber hygiene practices, such as ensuring employees change passwords regularly to protect Federal Contract Information (FCI). FCI is “information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government.”

Level 2

An organization must have an institutionalized management plan to implement good cyber hygiene practices to safeguard CUI, including all the NIST 800-171 r2 security requirements and processes.

Level 3

An organization must have standardized and optimized processes in place and additional enhanced practices that detect and respond to changing tactics, techniques and procedures (TTPs) of advanced persistent threats (APTs).
