The Cybersecurity Maturity Model Certification (CMMC) is a Department of Defense framework for verifying that contractors actually implement the cybersecurity requirements already imposed on them. It builds on NIST Special Publication 800-171 rather than replacing it: CMMC 2.0 aligns Level 2 with the 110 requirements of NIST SP 800-171 and Level 3 with a subset of NIST SP 800-172 (the original CMMC 1.0 model also drew practices from other sources, such as ISO standards and FedRAMP). There are three levels of CMMC certification, and the level a contractor must attain depends on the particular DoD contract. Under CMMC 2.0, contractors that handle Controlled Unclassified Information (CUI) generally fall under Level 2, which for most such contracts requires an assessment by a CMMC Third-Party Assessment Organization (C3PAO) in order to achieve certification. TestPros is an official C3PAO offering CMMC consulting to organizations. Contact us today for an independent assessment.
The aggregate loss of controlled unclassified information (CUI) from the DIB sector increases risk to national economic security and in turn, national security. In order to reduce this risk, the DIB sector must enhance its protection of CUI in its networks.
The Council of Economic Advisers, an agency within the Executive Office of the President, estimates that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016 [Ref: “The Cost of Malicious Cyber Activity to the U.S. Economy,” CEA, February 2018].
The Center for Strategic and International Studies (CSIS), in partnership with McAfee, reports that as much as $600 billion, nearly 1% of global GDP, may be lost to cybercrime each year. The estimate is up from a 2014 study that put global losses at about $445 billion [Ref: “Economic Impact of Cybercrime – No Slowing Down,” February 2018].
To reduce this risk, DoD requests for proposals will require a cybersecurity certification that demonstrates your company can adequately safeguard Controlled Unclassified Information (CUI).
We will start by determining your organization's current compliance with CMMC. We will examine your organization's policies, procedures, personnel knowledge, security control implementation, and more.
Using the information gathered during the gap analysis, we will develop a plan to help your organization become compliant. This will typically include a System Security Plan (SSP) and a Plan of Action and Milestones (POA&M), but it could consist of other documentation as well.
IT security standards and models are complicated and difficult to follow even for the most experienced professionals. Allow TestPros to transfer some of our 30+ years of knowledge in cybersecurity to your staff.
If your organization already has, or plans to bid on, a DoD contract, you likely already have a requirement to comply with NIST SP 800-171 under DFARS clause 252.204-7012. As it stands, that requirement is met by self-assessment and does not require an outside audit. CMMC adds independent verification: the DoD is phasing CMMC requirements into new contracts, and the level at which your organization must be certified will vary depending on the RFP.
The time it takes will depend on the type, size and scope of the project. Contact us to determine the timeline for your specific needs.
The cost will depend on the type, size and scope of the project. Contact us to determine the pricing for your specific needs.
We are here to assist you