SofiaITC is positioned to steer Department of Defense (DoD) contractors, compliance practitioners, and assessors through the mandatory Cybersecurity Maturity Model Certification (CMMC) compliance framework process. Our solution suite includes a blend of products and services designed to help you, or your clients, strengthen cyber security controls throughout the organization and prepare for certification. Solutions include:
- Provisioning of a Compliance Methodology
- Cyber Risk Tracker platform for organizations, practitioners, and assessors
- Gap Analysis and Baseline Readiness Determination
- Supplier Performance Risk System (SPRS) scoring
- Managing an organization through the process
- Plan and Policy Administration
- Technical Implementation of NIST 800-171 practices/controls (i.e., technical (implementation/configuration) infrastructure readiness, technical GPO implementation)
- Preparation of Package for delivery to an Assessor
- Assessments (Audits)
- Cyber Maturation-as-a-Service (CMaaS) to maintain and update controls through the mandatory CMMC 3-year cycles
DoD CMMC Requirements
The Department of Defense has created a new cybersecurity standard and certification requirement for defense contractors called the Cybersecurity Maturity Model Certification (CMMC). Its sole purpose is to reduce the exfiltration of Controlled Unclassified Information (CUI) from the Defense Industrial Base (DIB) and secure the supply chain through the implementation of 48 CFR 52.204-21, NIST SP 800-171, and DFARS Clause 7012, among other standards.
- CMMC efforts build upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
- The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
- The intent is for certified independent 3rd party organizations to conduct audits and inform risk.
CMMC Maturity Model
DoD contractors need to determine which CMMC level they want or need to obtain and implement the controls necessary for compliance. Contractors that have already implemented NIST SP 800-171, ISO 9001, ISO/IEC 20000-1 and ISO/IEC 27001 should be 85-90% compliant with the new CMMC requirements.
Description of Practices and Processes
CMMC Program Establishes Security as the Foundation to Acquisition
In December 2019, the Defense Department anticipated that by June 2020, “…industry will see cybersecurity requirements included as part of new requests for information”*. We therefore expect CMMC to be a requirement in DoD RFPs during calendar year 2021.
*Source: Cybersecurity Requirements Likely for Defense Contracts by June 2020
Many Defense Industrial Base (DIB) Contractors are Unprepared
Many small to medium-sized DIB contractors lack the formal policies, practices and supporting documentation required to meet the CMMC standard. Our CMMC Solutions and Services include performing a gap analysis to identify deficiencies and assisting you in the design and implementation of the processes and practices required by your CMMC level. You will be ready for your CMMC assessment audit. However, developing and implementing good cybersecurity compliance takes time and dedicated resources – DO NOT procrastinate.
CMMC Analysis, Implementation/Configuration, and Assessment Services
SofiaITC has certified Registered Practitioners and Provisional Assessors with the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB), is strategically partnered with Registered Provider Organizations (RPOs) and CMMC Third-Party Assessor Organization (C3PAO), and is applying for a C3PAO certification. We will deliver CMMC assessments for Organizations Seeking Certification (OSCs). Look for us in the CMMC-AB's Marketplace: https://cmmcab.org/marketplace/
SofiaITC will assist DoD contractors in preparing for CMMC. Contact us to learn everything you need to know about preparing for the Cybersecurity Maturity Model Certification (CMMC), which is mandatory for DoD contractors.
See CMMC videos featuring our CEO on our Events page: https://sofiaitc.com/events